Accreditations

ISO27001 is the leading certification for supporting information security requiring annual audits of 4D’s information security management systems, physical data centre security and internal processes.

ISO27001 helps to ensure that:

• Risks and threats to information security are properly assessed and managed
• Physical security processes are properly implemented and enforced​
• Audits are regularly conducted including tests of security, incident management, business continuity and security monitoring

By holding the ISO27001 certification it demonstrates 4D’s compliance with regulatory and contractual requirements for security, privacy, incident reporting and IT governance.

The ISO27001 certification reinforces 4D’s ongoing commitment to preserving confidentiality, integrity and availability of all the physical and electronic assets managed by 4D. The ISO27001:2013 certification that 4D holds is scoped to cover the entirety of 4D’s operations, business processes and data centres.

The PSN is a UK government funded programme which provides one large, secure communications network where public sector services spanning defence, emergency services, education, healthcare, and both local and central government can access a wide variety of data and services from a single source.

Organisations which require access to the PSN must comply with the strict security regulations in place and become accredited to work within the network at any level.

4D currently holds a PSN Connection Compliance Certificate, which allows the 4D network to be connected to the PSN to send and receive data - this requires the following audits on an annual basis:

• External penetration testing of the 4D network, appropriate 4D hosted and management systems
• Internal penetration testing of the 4D network, 4D hosted and management systems
• Audits are conducted over several days by a certified CHECK or CREST penetration tester.

There are two further types of PSN certification that clients who wish to provide services to public sector organisations may be required to achieve. Which level is required will depend on the type of services to be supplied:

• PSN Service Provision Compliance Certification: Allows you to provide services or applications over the PSN to PSN customers.
• PSN Connectivity Service Compliance Certification: Allows you to provide a component, product or service which enables PSN-connected organisations to obtain intra- and inter-organisation IP data transmission.

As with the ISO27001 certification, PSN certification can give you a competitive advantage especially if you have products or services designed to be supplied into public sector organisations.

If you are storing, transmitting or processing any credit cardholder data, then you need to utilise a data centre that meets the requirements of PCI-DSS compliance. All of 4D’s data centres are PCI compliant ensuring we can provide the physical, environmental, network and infrastructure security you need to protect sensitive cardholder data and meet PCI DSS compliance standards.

There will still be a requirement to ensure your systems and applications meet the standards of PCI-DSS, but hosting these within a compliance data centre will make the process easier and ensure that the physical, environmental, network and infrastructure security elements are already taken care of.

PCI-compliance physical security

Our physical security processes ensure that only your authorised personnel have access to your private locked racks and cages. Access to the data centre is only from pre-notified, authorised contact lists. Government issued photographic ID and biometric identification from those on the lists is required to gain access to the facilities, and proximity access cards are issued on a zoned basis to ensure access is only granted to permitted areas. We maintain environmental control with 24/7 monitoring, logged surveillance, and multiple alarm systems to alert us to any disruptions.

PCI-compliant network infrastructure

Sensitive infrastructure, such as managed dedicated servers, cloud servers, power and network infrastructure are also protected by controlled access. We operate redundant routers, switches, and paired universal threat management devices to meet PCI compliance requirements for protecting sensitive information on our network.

High-availability infrastructure

To ensure uninterrupted availability of your hosted systems, our fully redundant network and power infrastructure are built for automatic failover, guaranteeing your critical data and applications are always accessible. Our Surrey and Gatwick data centres are linked with our own dedicated fibre network with multiple 10 Gbps of bandwidth available and fully diverse routing from each facility- this provides an ideal infrastructure for data backup and disaster recovery plans, meaning your cardholder data will be recoverable even in the event of a disaster.

The N3 network is the IP network which provides NHS organisations with high availability and high bandwidth network services. The N3 network is essential for facilitating programmes like the NHS Care Records Service and the Electronic Transmission of Prescriptions.

4D is an accredited N3 PoP and we have been providing secure hosting for connected N3 systems for a number of years. We work with a number of aggregators as well as the N3 Service Desk directly to ensure that clients have access to reliable, secure, high-bandwidth N3 connections which allow you to improve the way your systems connect into NHS organisations.

In order to maintain our N3 status we go through a regular auditing process as well as maintaining the following accreditations and certifications:

• Information Governance Statement of Compliance (IGSoC)
• Code of Connection Approved (3rd party N3 hosting provider)
• ISO 27001:2013 certified
• PSN Connection of Compliance Certified