1.1. Information security is a serious matter for WillSuite. This policy serves as a guide
to let you know the steps we take to ensure the privacy of your data.
Data Center Security
2.1. WillSuite runs on the DigitalOcean platform, with data hosted on Amazon Web Services (AWS) in
nondescript facilities. Our data centers are located in London.
2.2. Physical access is strictly controlled both at the perimeter and at building ingress points by professional
security staff utilizing video surveillance, intrusion detection systems, and other electronic means.
Authorized staff must pass two-factor authentication a minimum of two times to access data center floors.
All visitors and contractors are required to present identification and are signed in and continually
escorted by authorized staff.
3.1. Our server network can only be accessed via SSH with public key authentication or via Two-factor
Authentication over SSL. Public keys are removed from servers where access is no longer required.
3.2. Operating system security patches are checked on a nightly basis.
Ongoing Security Monitoring
4.1. Servers are checked for security patches on a nightly basis.
4.2. Automated application checks are run against the PHP Security Advisories Database
(https://security.sensiolabs.org/) on a nightly basis. WillSuite are alerted if any third-party package
requires attention.
4.3. WillSuite are notified when suspicious traffic or account activity is detected. In some cases access to the
system may be automatically restricted until manual intervention by WillSuite employees.
Encryption of Data
5.1. Communications between you and WillSuite servers are encrypted via industry best-practice HTTPS and
Transport Layer Security (TLS) by default.
5.2. At rest, data is encrypted on our AWS platform with AES-256 encryption.
Data backup and redundancy
6.1. WillSuite’s strict backup regime ensures customer data is backed up on a point-in-time basis, supplemented by
a further daily backup.
6.2. Before being purged:
6.2.1. Daily backups are held for a period of 16 days.
6.2.2. Weekly backups are held for a period of 8 weeks.
6.2.3. Monthly backups are held for a period of 3 months.
Data Retention
7.1. Customer data is retained for as long as you remain a customer; unless it becomes impractical, your data will remain
in the WillSuite system indefinitely. Former customers’ core data is removed from live databases upon a
customer's written request or after an established period following the termination of the customer
agreement. In general, former customers’ data is purged 90 days after all customer relationships are
terminated.
7.2. Information stored in replicas, snapshots, and backups is not actively purged but instead naturally ages
itself from the repositories as the data lifecycle occurs. WillSuite reserves the right to alter the data
pruning period and process at its discretion in order to address technical, compliance, or statutory needs.
Framework level security
8.1. We use tools and techniques to protect against common security vulnerabilities. This includes escaping
user-supplied data when it is rendered, to reduce the threat of Cross-Site Scripting (XSS); CSRF tokens, to
minimize the risk of Cross-Site Request Forgery (CSRF); and the use of PDO across the system, to minimize
the risk of SQL injection.
8.2. Protection against the above attack vectors is evaluated as part of our third-party security audits.
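As an added illustration of the three controls named in 8.1 (example code written for this page, not WillSuite's own), the hardened form of each in PHP; the table and column names and the in-memory SQLite setup are constructed for the example, and an active session is assumed:

```php
<?php
// Added example, not WillSuite's code: output escaping (XSS), a per-session CSRF token,
// and a PDO prepared statement (SQL injection). Table/column names are constructed.
declare(strict_types=1);

// 1. XSS: escape user-supplied data at render time rather than trusting it raw in HTML.
function renderName(string $userInput): string
{
    // ENT_QUOTES escapes both quote styles, so the value is also safe inside attributes.
    return '<span class="name">'
        . htmlspecialchars($userInput, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8')
        . '</span>';
}

// 2. CSRF: issue a random per-session token and require it on every state-changing request.
function csrfToken(): string
{
    if (empty($_SESSION['csrf_token'])) {
        $_SESSION['csrf_token'] = bin2hex(random_bytes(32));
    }
    return $_SESSION['csrf_token'];
}

function verifyCsrf(?string $submitted): bool
{
    // hash_equals compares in constant time, so the check does not leak timing information.
    return is_string($submitted)
        && isset($_SESSION['csrf_token'])
        && hash_equals($_SESSION['csrf_token'], $submitted);
}

// 3. SQL injection: a PDO prepared statement keeps the data separate from the query text.
function findClientByEmail(PDO $pdo, string $email): ?array
{
    $stmt = $pdo->prepare('SELECT id, name FROM clients WHERE email = :email');
    $stmt->execute([':email' => $email]); // bound as a value, never concatenated into SQL
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    return $row === false ? null : $row;
}

// Usage with an in-memory SQLite database so the snippet runs without a server (constructed data).
$pdo = new PDO('sqlite::memory:', null, null, [PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION]);
$pdo->exec('CREATE TABLE clients (id INTEGER PRIMARY KEY, name TEXT, email TEXT)');
$pdo->exec("INSERT INTO clients (name, email) VALUES ('Ann <b>Lee</b>', 'o''brien@example.com')");
session_start();
// The apostrophe in the address would break a concatenated query; a bound parameter handles it.
$client = findClientByEmail($pdo, "o'brien@example.com");
echo renderName($client['name']), "\n";         // the <b> tags are shown escaped, not rendered
$token = csrfToken();
var_dump(verifyCsrf($token), verifyCsrf('x'));  // bool(true) bool(false)
```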
Data Access
9.1. Customer Support, Services, and other customer engagement staff with a need-to-know may request access to
customer services on a time-limited basis. Requests for access are limited to their work responsibilities
associated with supporting and servicing our customers. The requests are limited to just-in-time access to a
specific customer's service for a 24 hour period.
9.2. All access requests, logins, queries, page views and similar information are logged. Employee access is
subject to daily review and at least semi-annual recertification to ensure that authorized system access remains
within the limits of employees' current roles.
Employees
10.1. All employees are subject to pre-employment checks where appropriate, compliant with the BS7858:2012 security
screening standard, including, but not limited to:
10.1.1. Confirmation of name, date of birth and address
10.1.2. Right to work validation
10.1.3. 5-year career history reference checks covering employment, self-employment and unemployment
10.1.4. Independent verification of any career gap which exceeds 31 days
10.1.5. Verified written character reference
10.1.6. Education checks as appropriate
10.1.7. Financial public record check: CCJs, insolvency, bankruptcy, IVAs, undeclared address links and aliases.
10.1.8. Terrorist financial sanctions list & company officer checks
10.1.9. Basic Criminal Record Disclosure
10.1.10. Certificate of screening & full audit file supplied when vetting is complete
Security Training
11.1. All employees receive training on security and incident response processes within the first month of employment
as part of the WillSuite security program, along with role-specific follow-up training. All employees must
comply with Non-Disclosure Agreements and Acceptable Use Policies before being granted access to production
networks and data.
11.2. Employees are tested on their knowledge of different common attack vectors used within web applications and
given training on risk minimization before and during development on the code base.
User-Side Security Features
12.1. Two Factor Authentication: Two-factor authentication via an app (such as Google Authenticator or Authy) is
enforceable for users of the system to protect their account in the event their password is compromised.
12.2. Password Policy: We enforce a password policy that sets complexity and uniqueness requirements for passwords.
12.3. Unobtainable Authentication Data: Passwords are one-way hashed and salted using bcrypt, the recommended
industry standard in one-way hashing. Passwords cannot be retrieved from the database by any party.
12.4. Communication Encryption: Web traffic to our platform is forced over encrypted HTTPS and is authenticated
using TLS 1.3 (a strong protocol), X25519 (a strong key exchange), and AES_256_GCM (a strong cipher).
12.5. Role-based Access: Role-based user access allows administrators to restrict application and data access
for certain users depending on their role.
12.6. Location-based Access: If requested, user access can be restricted to an IP address (such as an office
network or VPN).