Positive Group Security and Privacy

We care about your data.

Learn how we protect your privacy through design.

Digital Safety

Introduction

Here at Positive we are passionate about how we improve leaders’ resilience, adaptability, performance and in turn transform your workforce culture.

With this responsibility we understand that our clients and users trust us with some of their most valuable information. As such, we take information security very seriously and have implemented measures to ensure the confidentiality, integrity, and availability of the data entrusted to us. Our commitment to information security is reflected in our ISO 27001 certification, which we obtained after undergoing rigorous independent audits.

Our Teams

Positive Group's information security efforts are guided and monitored by our CISO, Security Team and a Leadership Board composed of representatives from the Senior Leadership, Product, Operations, and IT Teams.

Our privacy efforts are guided and monitored by representatives from the Legal, Privacy, and Security Teams, and led by our DPL.

Our platform and app

At Positive, we understand that information security is an ongoing process, and we are committed to continuously improving our security measures. We regularly review our security policies and procedures to ensure that we are providing the highest level of protection to our clients' data.

Our online platform, which is used as part of the services we provide, is designed with security in mind. We host our platform using Amazon Web Services (AWS), a best-in-class secure infrastructure. See here for more information.

Here are some of the other key measures we have taken to protect your data.

Encryption

We encrypt all data transmitted to and from our platform using industry-standard SSL/TLS protocols to ensure confidentiality and prevent interception.

Access controls

We use strict access controls and built-in user authentication and authorization mechanisms to ensure that only required personnel have access to your data.

Data storage

We store your data in secure data centers that are certified to the highest industry standards and use physical and virtual security measures to protect it.

Active monitoring

We use active monitoring for intrusion detection and business continuity to monitor for, and protect our network from, unauthorized access attempts.

Regular audits and testing

We conduct regular security audits and testing to ensure that our platform remains secure and up to date against the latest threats and vulnerabilities.

Employee training

We provide regular training to our employees on information security best practices to ensure that they are aware of the latest threats and know how to keep your data safe.

Security features

Hosting providers and network

  • Positive's network architecture is built according to AWS best practices.
  • Positive uses the CloudFront CDN to prevent DDoS attacks and brute-force attacks.
  • A Web Application Firewall (WAF) is in place for content-based dynamic attack blocking.
  • Firewalls are used throughout the network to enforce IP whitelisting and access

Systems development

Our secure engineering lifecycle includes using regularly updated off-the-shelf applications and frameworks, and building security into requirements with secure coding principles.

For each component of our systems, we consider the specific requirements for full functionality, and limit data and resource access to that least-privilege level, including for processes, software, and users. In addition, components may only be used from trusted sources and authors.

We maintain that any default configuration should reflect a restrictive enforcement of security policy so that it is secure out of the box. Wherever communication is required between system components, it is appropriately secured, e.g., with TLS.

  • Least privilege access
  • Trusted components
  • Trusted communications channels
  • Accountability
  • Traceability
  • Secure defaults

Data safety

Encryption and backup of data

All communications are encrypted with the latest transport layer security (TLS 1.3) whilst data is encrypted at rest using AES 256-bit encryption by default.

Whitelisting, domain and country

We back up customers' data submitted to our online service and use AWS facilities to incrementally manage snapshots of our database at regular intervals.

Authentication

We enforce password strength of 8 characters minimum with no repeating or consecutive characters allowed. Passwords are rotated every 2 months.

Logs

All applications and components of our service have the required administration and event logging enabled.

Threat detection and anti-malware

Our service is protected by AWS GuardDuty, which continuously monitors our system for malicious activity and delivers detailed security findings for visibility and remediation.

Audits

We engage with an independent auditor on an annual basis to review our network configuration and carry out penetration tests.

We hold an ISO 27001 certification and are therefore also subject to an annual audit which is conducted by BSI.
