Escrow London is an innovative software and SaaS escrow vendor and we consider information security as core to our business offering.
As a business, we conduct periodic risk assessments to evaluate current and emerging trends including in-depth analysis of recent security incidents globally. As a result and to ensure we comply with best industry practices within ISO 27001:2013, we have designed and implemented the following security controls:
- Our cloud vaults are located within multiple geographically dispersed regions to prevent a scenario where a single region becomes unavailable for a prolonged period of time.
- The cloud vaults are fully aligned with our client’s data residency requirements to comply with various regulations which are applicable for our client’s businesses. We can store client data in multiple regions including US, Canada, UK, EU, Asia and Australia. Additional regions may be provided upon request.
- We use multiple cloud providers for our cloud vaults hosted within purpose built state-of-the-art data centres. The locations are carefully selected to mitigate environmental risks, such as flooding, extreme weather, and seismic activity. The data centres are designed to anticipate and tolerate failure while maintaining service levels with sufficient capacity to enable traffic to be load-balanced to alternative sites.
- Physical and environmental security of the cloud data centres includes diverse monitored controls, ranging from CCTV, alarms, multi-factor access controls to power, climate and fire detection/suppression management.
- Our infrastructure and network security controls provide additional logical separation between clients with options ranging from multi-tenant to single-tenant environments.
- We maintain strict access standards with an emphasis on the segregation of duty. This is enforced and provides a full audit of user permissions across relevant services, actions, and resources. In line with the principle of “least privilege” only a limited number of Escrow London admins have access to client data.
- Encryption is paramount to our security process. Client data is always encrypted whilst in transit (HTTPS with TLS v1.2 and SSH/SFTP with modern ciphers) and at rest (AES-256) with long and complex passwords with high entropy to prevent brute-force attacks.
- Client data is retained for the duration of the escrow contract and/or securely disposed of after 12 months.
- The Escrow London security team monitors every component of our environment on 24/7 basis. This is maintained to gain the visibility we need in order to identify issues before they potentially may impact our business.
- To ensure we maintain complete continuity of service, Escrow London’s incident management processes are always active as well as robust Business Continuity Plans (BCP) and Disaster Recovery Plans (DRP), which are tested on an annual basis.
- Physical vaults – for additional security, clients can opt-in for offline vault storage maintained within the media vaults of our partner data storage company, Within the physical storage, the data storage company holds encrypted copies of media without access to the decryption keys.
Escrow London is committed to our client’s data security. We understand that your business may have circumstances that require additional regulatory needs. We are always happy to accommodate these requirements to ensure that our data security provisions are in line with your business needs.