The importance of IT security
Without reliable security measures in place, companies face a range of looming risks from data leaks to cyberattacks. At Objectivity, we know how important security is to our clients because we ask — and listen. We approach security from a holistic standpoint, ensuring our clients’ initiatives are safeguarded against any potential threats during the entire engagement, and after their solutions are launched.
3-phase approach to IT security
Secure operations & infrastructure
- Gathering non-functional requirements (NFRs), including security needs, e.g. identity & access management, data protection & data security, regulations (e.g. GDPR)
- Agreeing preventative security measures
- Security design, utilising dedicated cloud security services
- The identification of allowed third-party and open-source software libraries & frameworks
- Establishing secure networking, environments, and CI/CD pipelines
- Conducting regular code reviews, including security reviews
- Automated scans of code and Docker images in Continuous Integration (SonarQube, Kiuwan)
- Quality assurance, including OWASP recommendations, security tools, and penetration testing (Burp, ZAP)
- Monitoring and alerting on security-related issues
- Regular security scans
- Vulnerability management
In line with our holistic approach, our dedicated teams guarantee the utmost security of our clients’ software solutions during every stage of the delivery process — both in terms of operations and infrastructure.
The appropriate measures are first agreed during the Discovery phase, then implemented during the Development stage, and their efficacy is closely monitored as part of our Support services once the project ends.
Objectivity’s security management
Striving to make our software delivery even better, we decided to develop our dedicated Information Security Management System. Our security practices are verified by external auditors annually and by our clients on a daily basis. The lessons we learn are immediately implemented and become part of our efforts to continually improve our security management processes.
How we guarantee the security of our clients’ assets:
- Controlled hardware environment (laptops and mobile devices)
- Central identity and access management with Multi-Factor Authentication and processes for granting and revoking access
- Granular level of authorisation (in repositories, project backlogs & environments)
- Automated software upgrades
- Regular incoming email scans
- Regular software scans focused on allowed applications and vulnerability management
- Centrally managed security practices enforced and maintained by a proactive, dedicated security team, led by a CISO involved in education, consultancy, warnings, and issue fixing
- Compliance with the NHS Data Security and Protection Toolkit (dsptoolkit.nhs.uk)
At Objectivity, we pay special attention to safeguarding the security of our and our clients’ assets. We have various company-wide standards in place, and we undergo regular, independently-led audits.
Aside from the ISO27001 and ISO9001 accreditations, we have also been awarded the Cyber Essentials Plus certification, which sets the standard for security practices, as defined by the UK public sector. The “Plus” in “Cyber Essentials Plus” means that our security configuration is regularly verified by an independent certification body, making us a reliable and trustworthy partner for both public and private sector clients.
From day one, we strive for excellence in our security practices, working in line with our established approach to security management and achieving the industry’s most important accreditations.
Chief Information Security Officer
Ensuring the security of our and our clients’ assets during project delivery is at the very top of our priorities.