Our commitment to security

Culture Shift is the simple, safe and secure solution for tackling unacceptable behaviour within your organisation.

But what do we actually mean when we say secure?

We take security very seriously, and we do everything we can to make sure any data collected through one of our reporting systems is handled in the most secure way possible. There are a few things you should know about:

Hosting
Our platform is cloud based and hosted on Amazon Web Services (AWS) who provide the highest levels of security, stability and performance. We're in great company, with many enterprise-level organisations, such as the likes of the BBC and the UK Ministry of Justice putting their trust in AWS. We have selected this service so you can benefit from their data centre, network architecture and military-grade encryption levels.

Secure log-in
In order to get access to your case management system, to monitor and respond to reports, you have to log in with either single sign-on (SSO) or two-factor authentication (2FA).

You can simplify the login process and improve security by integrating SSO, using your organisation's single sign-on provider to sign in to your dashboard.

Alternatively, you can use 2FA. This is the one we recommend everyone enables as it's the most secure way of getting access to your site. Two-factor authentication requires you to have an authenticator app downloaded onto another device, which you'll have to retrieve a code from each time you log in. It might sound complex, but it's really easy to set up, and we've created a video to take you through it step by step - partners can request this from their Relationship Manager.

(p.s. this is what the new 2FA pop-up looks like in the product...)

Data security
We help you meet your regulatory requirements and obligations under the Equality Act 2010, as well as the General Data Protection Regulation (GDPR) and The Data Protection Act 2018, ensuring all the correct documentation is in place. GDPR compliance is something that occasionally worries our partners, so if you're interested in finding out more about how we help you comply you might want to read this article by our Head of Development Chris Northwood, which really delves into the detail of how the system was built with GDPR in mind.

Cyber Essentials
We've even got an accreditation to give you some extra peace of mind that we are handling things securely. The Cyber Essentials certification shows that we have the knowledge to protect our organisation and our reporting systems against a whole range of the most common cyber attacks.  

Regular testing
Our commitment to security doesn't just stop with making sure everything is set up correctly in the first place. We are annually penetration tested by an independent security consultancy and engage in regular Web Application Vulnerability Scanning. This means we're constantly reviewing and improving security.

 

Now we've put your mind at rest about security, you might be ready for a Demo of the system! You can book one here at a time and date that suits you.

Keep in touch

Sign up to our newsletter to receive monthly insights and resources.