Toplevel understands that the risk of cyberattack is growing year-on-year. Our solutions are designed to provide a smart ‘security-built-in’ model for public sector organisations that demand high levels of security, making us a low-risk, fast deployment option for digital requirements.
Toplevel’s solutions are built on a scalable, proven security model to protect information assets and data flow. Our cloud SaaS services utilise a fully resilient hardware solution provided in a primary data centre, with no single point of failure. There is also an additional option of failover equipment in a secondary data centre if required.
Both our COTS product Outreach and our Cloud SaaS delivery service configuration, which is SQL Server based, have been rigorously tested and assured to implement a comprehensive security architecture. Please see the Proven security section below.
Our solutions deliver a range of security capabilities to control access to sensitive data through inbuilt password protection, digital signatures, fine-grained access control, one-time security codes and single sign-on functions, as well as white and black listing and user auditing. Architecturally, our solutions provide inbuilt protection from denial of service attacks, strong encryption (AES 256), antivirus integration and ISAPI, allowing for dual-skinned firewall architectures.
Access control and data protection
Our service offerings are oriented to delivering services accessed by multiple users across diverse locations, using secure permissions-based access and strong data protection techniques to enable collaborative working.
Systems are configured to give privileged access to your staff, enabling them to access appropriate customer data and protecting self-service customers from seeing each other’s confidential information. Deployments can be configured to meet individual security needs, including partitioning between hardened web, application and database servers.
Toplevel has a strong focus on security since it is especially critical to the Public Sector. We frequently commission penetration testing and security reporting on behalf of our customers using different CLAS and CHECK approved security firms. Recommendations are incorporated into our products’ R&D, which all of our customers can use and benefit from. We have a strong track record of accreditation to IL3/OFFICIAL Sensitive levels.
It is our policy to obtain SC clearance for all our BAU operational staff and for many of our implementation team members, such as testing / BA roles as well. Security testing and risk management are carried out in a way that allows all customers accessing Toplevel GCloud services to leverage the benefits of a single protected environment reserved exclusively for them.
In June 2015 Toplevel was awarded Pan Government Accreditation (PGA) by CESG, the information security arm of GCHQ, for the handling of OFFICIAL data by the Toplevel GCloud e-Forms Software-as-a-Service (SaaS). PGA removes the need for public sector bodies to perform their own internal comprehensive risk assessments (RMADs) and to independently assess the security assurances of the provider, helping to make the process of selecting and committing to a solution more straightforward and less time consuming. The Home Office supported us in applying for this accreditation.
PGA accreditation means that there is no need to pay expensive CLAS consultants for risk management and IT health checks. This can often result in a saving of £30k-40k and improves time to market by up to two months.
Read our white paper: Governmental Collaboration online: a question of security