Cyber Security

CommittedGiving places the security and confidentiality of your data at number one in our list of priorities.

This part of our website is a little wordier to reflect that degree of importance.


Always secure, always reliable

We utilise a private VMware cloud-based server environment hosted within a secure, purpose-built data centre provided by Claranet, a leading provider in this field.

Much of the security, performance and monitoring processes are provided by Claranet as part of the contractual arrangements between our two organisations.

CommittedGiving has ISO27001 Information Security certification. That standard is expressly targeted towards the confidentiality, integrity and availability of data and systems.

A full and comprehensive suite of policy documents and associated recording and monitoring processes is in place and actively utilised.

View: claranet.co.uk

About Committed Giving

Technical information

Maintenance/upgrade window schedule

All server or infrastructure maintenance is scheduled overnight between 11pm and 1am, Monday to Thursday, to avoid any impact on live services.

Windows server, database and operating system fixes are applied weekly every Tuesday night. Occasionally these require server restarts – the downtime for this is not counted against the 99.9% uptime target.

Bugs/fixes releases

Development planning follows an agile methodology, using initial change requests to ascertain requirements and scope out risks. Low-impact changes (hot fixes) can be deployed immediately, but medium- or high-level changes enter the development cycle with the appropriate developer(s).

The development cycle uses internal test environments, with each developer initially responsible for testing their own work before it is escalated for review by the operations team. Depending on scale, the development is then either rolled out to the client Sandbox environment for feedback/review or deployed to live production at a pre-agreed date/time.

The ability to roll back production is maintained as part of the version controls.

Application Availability

Following the development cycle, applications will be deployed at an agreed date/time. Typically, this will be after working hours for back office applications and before working hours for front-end public facing websites. Average downtime for deployment is 30 seconds.

In the case of major releases, additional instances can be deployed to alternative URLs and then switched, with the original instance being removed from the workgroup.

Application and infrastructure performance monitoring and fault alerting

We maintain performance monitoring and fault-finding tools across all facets of the network and server infrastructure. Pre-set indicators are established and, when they are exceeded, SMS and email notifications are sent to relevant members of the development and operations teams. In addition, performance statistics for each 24-hour period are automatically produced and made available to the operations team for exception and trend analysis.

Internal administration web tools have been developed which allow us to monitor both server and web applications via a single dashboard accessible only via a dedicated VPN restricted by IP address. The dashboard provides both a summary and snapshot of real-time server performance and website availability. It also provides the ability to apply performance tweaking including the ability to scale the servers to meet demand and reset application pools.

Service issues recording and resolution

A support ticket application is provided via the back office to log issues, record all communications and measure against SLA objectives. Tasks are assigned to the relevant developer and monitored via the operations team and account management.

Traffic peaks

The standard bandwidth channel is already of greater capacity than required to meet highest usage as monitored over the previous rolling 12 months. ‘Burst’ capability is in place to meet unexpected demand.

Service-critical systems resilience

All live databases and application servers are mirrored in real time to a separate environment using the Claranet Zerto replication product. In the event of a major disaster, the servers can be restored within 3 hours from decision to restore. A fully documented Disaster Recovery Plan is in force and key elements are regularly tested.

In addition, generic scheduled overnight incremental backups of databases and live applications are run using the Attix5 product supported by Claranet. Full or part restoration can be performed on demand.

Restore tests are run every quarter and the results documented and recorded.

Repositories are used by developers for key application source code, providing each developer with access to either the full library or restricted privileges based on dependencies. The repository records a full audit trail, allowing live production versions to be rolled back if required.

Uptime of frontend and backend systems

Target for uptime is 99.99%. Three key issues apply when talking about uptime:

  • Reliability of hosting provider
  • Reliability of software
  • Correct configuration

These three key areas are monitored regularly, and the implications of any changes that may affect them are considered as part of any major upgrade or release.

Third-party monitoring tools such as Pingdom and Uptime Robot are used to monitor availability and provide additional performance metrics.

Concurrent users/transactions

There is no limit on the number of internal users active at any one time.

Service attacks e.g. denial of service

The contracted Web Acceleration and DoS protection service uses a host of tools to protect our applications from attacks, ranging from layer 3 (volumetric) to layer 7 (application) attacks. An intelligent DoS mitigation system monitors the network for traffic that is characteristic of attacks, so that they can be prevented before they cause an issue.

In addition, a Pulse Secure Firewall is active across all servers and is regularly checked for status, relevance and latest versions.

Virus & Malware

All servers, workstations and laptops run real-time virus checks, and malware scans are run weekly. Emails are scanned and, where necessary, quarantined pre-delivery.


Scans & Audits

Approved third party vendors are contracted to:

  • Run automated monthly vulnerability scans on relevant servers
  • Carry out annual black box penetration tests
  • Approve annual PCI Assessments
  • Carry out annual ISO27 Information Security audits
  • Carry out triennial BACS audits


Nigel Harris

Director & Founder

Director and founder member of the company. Particular responsibility these days for day-to-day management of the Company and Client and Supplier relationships. Most definitely not an IT person, “I’m really thankful to be surrounded by such a good team of geeks who do know what they are doing.”

Nowadays, outside of work, enjoys travel and eating out, preferably combining both, and also the company of his gorgeous grandkids. Oh, and also is a lifelong supporter of Gillingham Football Club, but hasn’t allowed that to adversely affect his life.


Hannah Trott

Developer

A star developer working mainly on the Hub. Completed her MSc Information Technology Management for Business following her BSc at Greenwich University in 2012 and joined us in January 2013. “I really enjoy being part of the team as we all help and support one another but can still enjoy each other’s sense of humour (well those who have got one).”

Interested in loads of things, including reading, dancing, swimming and triathlons.


Mathew Harris

Director

Mathew joined CommittedGiving way back in 2002 at the same time as the launch of our then brand new online fundraising service – which at that time consisted of just the one Client!

He has played a major role in developing and enhancing the core applications and services since that time and now, as a Director of the company, manages some of our major Client, Supplier and Partner relationships as well as getting heavily involved in new business generation and product development.


Richard Kujawski

IT Manager

All round technical whizz. Amongst other things looks after our servers, provides database administration support, manages third party software and licences. And on top of all this finds time to deal with Clients and develop and implement many of the public facing fundraising web pages. Currently our longest serving team member and long may he continue to be so.

Not surprisingly, in his spare time loves tinkering with computers and other high-tech pieces of kit. Keeps fit running around the countryside geocaching with his family.


Jonathan Peters

Software Technician

“Honest, adaptable and loyal with extensive IT experience. Possesses wide ranging software and technology knowledge. A good team member.” That’s what he tells us. And, to be fair, it’s all true.

Currently using his all-round skills to support key systems and Clients and finding time to get involved in project and system developments. A real asset to the team.

In his spare time a dedicated family man with a keen interest in all things aviation. A real high flyer!


Holly Bratton-Smith

Systems Developer

Very pleased to be part of the team and learning something new every day. Graduated with a BSc Computer Science from University of Greenwich and have previous experience in the payment industry.

Love to travel, particularly to places to see animals. Enjoy going out to the cinema, music gigs, football matches and spending time with family.


Jerry Traves

IT Application & Production Support Operator

A certified software tester with degrees from Oxford & Open universities, Jerry joins us after a long stint in the IT department of a major travel & financial services company. Working in production data management and UAT he really enjoys the flexible, positive ‘can do’ ethos of the team.

Outside working hours he spends most of his time in the garden or on DIY projects, but would rather be cycling or walking with his family.


Monika Wyszomirska

Operations Manager

Monika joins us from a city based legal company and is now responsible for all our production data management needs.

She brings a Master’s Degree in Human Resources Management, a Bachelor’s Degree in Accountancy and a passion for data and detail. So facts, figures and colleagues are in safe hands!
