Frequently Asked Questions

Do you have an information security programme?

Yes. Our information security management team are responsible for maintaining and ensuring compliance to our policies and procedures.

---

How often is customer data backed up and retained for?

We conduct a full database backup daily. Backups are stored in a separate location to the primary database and are kept for 14 days.

---

Do you perform annual penetration testing?

Yes. Insight partners with CREST accredited providers to perform annual penetration testing on the Insight application.

---

Do you perform vulnerability scans or network penetration testing?

Yes. We are Cyber Essentials Plus certified, which includes an annual vulnerability scan and network penetration test of our servers and staff computers.

---

How do you restrict unauthorised access to customer data?

Our user authentication system is tested as part of our annual penetration testing. We use user access grants to control access to specific accounts. Each user is required to login with unique credentials. Insight uses recommendations from the NCSC (National Cyber Security Centre), to inform its password policy.

Insight staff must complete an access record before they can access any customer data for providing support.

System activity is logged in an audit trail.

---

What level of training do Insight staff receive?

During induction, all staff are required to achieve certification in third-party courses covering GDPR and Cyber Security. We also provide weekly training to staff on various topics covering best practices and system changes.