Security and Compliance
Effective date: 24 September 2025
Our Commitment to Security and Compliance
At Acorn Compliance, security and compliance are the foundation of our company and at the heart of our values. When you use our services you are trusting us with your valuable information, and we want you to be assured that your data is protected. We are committed to keeping our security practices aligned with recognised standards and legislation, including but not limited to Cyber Essentials, Cyber Essentials Plus, the NHS Data Security and Protection Toolkit (DSPT) and UK/EU GDPR.
Have a specific question? You can always reach our security team at info@acorncompliance.com
Our Overall Security Stance
What certifications/practices do you have? We are proud to be certified against Cyber Essentials, Cyber Essentials Plus and the NHS DSPT. We are registered with the ICO as a UK data processor and keep our data-processing practices in line with UK/EU GDPR.
We renew our certifications and review our practices annually to demonstrate an ongoing commitment to the highest security standards and to the law.
How We Protect Your Data
Is my data encrypted? Yes. We use strong encryption to protect your data at every stage.
- In transit: data moving between you and our platform, and across our network, is protected with HTTPS using TLS 1.2.
- At rest: data stored in our databases is encrypted using strong algorithms such as AES-256.
- Company devices: full-disk encryption is mandatory on every company device used by employees, and compliance is audited in line with our company policies.
How do you manage and control access to my data? Customer data is protected through a multi-layered approach. Each customer's data is segregated from other customers' data using customer-specific identifiers, and role-based access control (RBAC) ensures our employees can only ever access the minimum data their role requires.
Do you use customer data during testing? No. Customer data is kept separate from the testing environment through industry best-practice configuration, so we never use customer data to test new features we have developed.
How long is client data kept for? Once a client's contract with us ends, we archive their data and retain the archive for 3 months.
Is there a Data Subject Access Request (DSAR) process if I want to delete my data? If you would like your data modified, deleted, transferred or restricted from processing, send your request to info@acorncompliance.com. These requests are free of charge (unless manifestly unfounded or excessive) and will be addressed as soon as possible, and always within one month (extendable by a further two months in complex cases).
Is customer data ever kept on a hard drive or other form of transferable media? No. Our internal policies prohibit the use of transferable media for data storage or data transfer. Customer personal data such as names and email addresses is never transferred via transferable media.
How We Secure Our Technology
Do you pentest your platform regularly? Squirrel™ 2.0 is the only Healthtech compliance platform with continuous penetration testing built in. This means we take a proactive stance on fixing vulnerabilities rather than a reactive one.
Do you set strong authentication and password controls? Where authentication is implemented, access controls follow the OAuth 2.0 framework. Our password policy requires passwords that follow industry best practice (minimum 12 characters, mixed lower- and upper-case letters, etc.).
Do you monitor threats that can affect your platform? We have ongoing threat-intelligence monitoring in place that watches for threats across the internet, allowing us to keep our platform secure and up to date.
Do you back up your systems regularly? Squirrel™ 2.0 enforces a daily backup of the platform, scheduled to run when the platform is least in use.
How often are systems patched? Automatic patching is deployed on every system that supports it, and any critical updates that must be installed manually are applied within 14 days.
How We Secure Our People & Processes
Do you perform background checks before hiring employees? Yes. Where legally required, we conduct background checks before hiring, as part of ensuring that access to customer data is appropriately controlled.
Are employees trained on how to uphold information security? All employees undergo annual cyber-security and GDPR training as part of our Security Awareness Programme and related initiatives.
Are your suppliers assessed for security assurance? We conduct annual security audits of our suppliers, including the subprocessors used by Squirrel™ 2.0.
Is confidentiality part of all partner agreements and employee contracts? Yes. Every contract we sign includes a confidentiality clause to protect your data.
Do you conduct annual audits of how effective your processes and systems are? We conduct annual internal audits so that management can assess the effectiveness of our security posture and controls.