Security

Keeping your data safe is our top priority

We maintain ISO 27001:2022 standards so you get the highest levels of security, confidentiality, integrity and availability.

Data privacy

PRODA integrates robust security with Privacy by Design concepts. We prioritise data security using ISO 27001:2022 certified practices, NIST guidelines, and advanced encryption for data at rest and in transit.

PRODA integrates international privacy principles and Privacy by Design into its methodologies.

PRODA’s technologies embed privacy features and PRODA uses innovative technologies and strict controls to maintain it.

PRODA is fully compliant with UK, GDPR and related laws.

Vendor risk management and compliance

PRODA mandates stringent data protection standards for its vendors, conducts thorough risk assessments and carries out regular audits for compliance.

All vendor relations are governed by data protection agreements, ensuring security alignment.

Cloud security

PRODA’s cloud security measures are reinforced by our dedication to data security, following ISO 27001:2022 standards, NIST guidelines, and employing the latest encryption techniques.

PRODA hosts servers on Google Cloud in Europe-London, segmented into three redundancy zones for peak reliability.

In case of service failure, PRODA guarantees swift migration within SLA timeframes and employs proactive maintenance for high uptime.

Cross-border data

PRODA’s cross-border data protection strategy is enhanced with comprehensive assessments, robust measures, diligent screening, and carefully reviewed contractual agreements.

PRODA meticulously analyzes cross-border data flows, performs impact assessments and implements robust privacy measures.

Additional security layers such as encryption and strict policies are applied. All transfers are backed by stringent contractual agreements, ensuring data integrity and confidentiality.

Dedicated security team

At PRODA, security is everyone’s responsibility. PRODA has a dedicated team of security professionals tasked with governance, enforcing best practices and are responsible for oversight and accountability.

Our team adheres to ISO 27001:2022 and technical standards, focusing on continuous security testing, vulnerability management, and regular penetration testing for swift risk mitigation.

From proactive risk management to rapid incident response, the team is here to ensure that your data remains safe and secure.

Incident management

PRODA is fully equipped to manage security incidents swiftly via its responsive incident team.

Our incident management process is enhanced by our commitment to data security. We have adopted ISO 27001:2022 certified practices and NIST guidelines to control risks effectively.

Immediate regulatory reporting and timely notifications to affected data subjects are standard. Corrective measures are taken to prevent future occurrences.

Frequently Asked Questions

What measures are in place to ensure data residency compliance? 

Our data centres are located in the Google Cloud Platform EU (London) region and adhere to stringent UK and EU data protection laws. We enforce strict data residency policies and offer transparency on data storage locations to maintain compliance and data sovereignty.

How long do you retain customer data and what controls are available? 

We implement data minimization principles, retaining customer data only as long as necessary to fulfill the services requested. Customers have the authority to manage, export, and delete their data, ensuring they maintain control over their information.

Can you detail your business continuity and disaster recovery (BC/DR) protocols?

Our BC/DR protocols are tested annually and cover a wide array of potential disruptions from infrastructure failures to global emergencies. These tests ensure our readiness to recover operations swiftly to safeguard continuity and service integrity.

How is vulnerability management handled in your infrastructure?

We proactively manage vulnerabilities with weekly automated scans and constant code repository monitoring. Any identified vulnerabilities are promptly addressed to reinforce our defensive posture and maintain system security.

What is your approach to incident management, particularly for data breaches?

We have a structured incident response plan aligned with ISO 27001:2022 standards. This includes immediate incident escalation, threat containment, system recovery, and transparent communication with all stakeholders.

How often do you perform penetration testing on your systems?

Penetration testing is conducted annually and after any significant infrastructure updates to proactively discover and remediate potential security weaknesses, thereby enhancing our overall cybersecurity framework.

What security certifications does PRODA hold?

PRODA is proud to be ISO 27001:2022 certified, demonstrating our commitment to international best practices for information security management systems.

What methods do you employ to secure data during transmission and when stored?

Data is encrypted in transit and at rest using state-of-the-art encryption standards. We deploy robust encryption protocols to ensure that sensitive information remains secure against unauthorized access.

What user access control procedures do you implement?

Access to sensitive data is strictly controlled on role-based access, rigorous authentication procedures, and periodic access reviews. This ensures that only authorized personnel have access to the data they need for their role.

How do you ensure third-party service providers comply with your security standards?

All third-party service providers undergo a comprehensive vetting process. We conduct regular audits and insist on adherence to our security standards, which comply with UK GDPR and other applicable data protection laws, to ensure the integrity and confidentiality of our clients' data.

Start now

Three easy steps

Book a demo

See PRODA in action

Test PRODA for free

With your data; no strings attached

Start using PRODA  

Within minutes and without complicated set-ups

See PRODA in action

Cookie	Duration	Description
ct_checked_emails	session	Clean Talk sets this cookie to prevent spam on the site's comments or forms.
ct_checkjs	session	Clean Talk sets this cookie to prevent spam on the site's comments or forms.
ct_fkp_timestamp	session	Clean Talk sets this cookie to prevent spam on the site's comments or forms.
ct_ps_timestamp	session	Clean Talk sets this cookie to prevent spam on the site's comments or forms.

Cookie	Duration	Description
_ga	1 year 1 month 4 days	Google Analytics sets this cookie to calculate visitor, session and campaign data and track site usage for the site's analytics report. The cookie stores information anonymously and assigns a randomly generated number to recognise unique visitors.
_ga_*	1 year 1 month 4 days	Google Analytics sets this cookie to store and count page views.
_gat_gtag_UA_*	1 minute	Google Analytics sets this cookie to store a unique user ID.
_gid	1 day	Google Analytics sets this cookie to store information on how visitors use a website while also creating an analytics report of the website's performance. Some of the collected data includes the number of visitors, their source, and the pages they visit anonymously.
CONSENT	2 years	YouTube sets this cookie via embedded YouTube videos and registers anonymous statistical data.
ct_screen_info	session	CleanTalk sets this cookie to complete an anti-spam solution and firewall for the website, preventing spam from appearing in comments and forms.