Security Policy
SOTERweb, a trading arm of Montgomery & Coupers Ltd, is committed to protecting the privacy and personal data of all users. As a UK-based SME SaaS company serving public sector and commercial clients, we take our data protection responsibilities seriously. This document sets out how we collect, use, protect, and share personal data in accordance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.
1. Introduction
Montgomery & Coupers Ltd is committed to maintaining the highest standards of data security and privacy for users of the SOTERweb platform. As a UK-based SaaS provider, we align our security practices with the requirements of the UK GDPR and applicable data protection legislation. This Security Policy outlines the physical, technical, and organisational measures we use to ensure the confidentiality, integrity, and availability of personal and organisational data.
2. Secure Hosting and Infrastructure
The SOTERweb platform is hosted within GDPR-compliant cloud infrastructure located in the UK. Our cloud hosting partners are carefully selected and undergo regular security audits. All data transmitted to and from the platform is encrypted using HTTPS/TLS protocols to protect against interception and tampering. Infrastructure is regularly patched and updated to address known vulnerabilities and maintain resilience against cyber threats.
3. Access Control and Authentication
Access to the SOTERweb platform’s administrative and backend systems is strictly limited to authorised personnel. We enforce strong password policies, implement multi-factor authentication (MFA) for privileged access, and restrict access rights based on job role and necessity. Each login is logged, and audit trails are maintained to detect suspicious activity and enable accountability.
4. Data Storage and Encryption
All customer data is stored in secure databases with role-based access controls. Where possible, data at rest is encrypted using industry-standard encryption algorithms. Data in transit is always protected via encrypted protocols. We regularly assess and review our encryption practices to ensure alignment with current security standards.
5. End-User Device Security
Devices used by Montgomery & Coupers Ltd to access SOTERweb systems are secured through the use of endpoint protection software, device encryption, and automatic locking features. Staff are trained in secure device handling and are prohibited from storing personal or sensitive customer data on local drives without approved encryption.
6. Business Continuity and Disaster Recovery
We maintain a business continuity plan that includes detailed procedures for responding to system outages and major incidents. Regular backups of the SOTERweb platform are created and securely stored, with periodic testing to ensure that data can be restored quickly in the event of a system failure or data loss. Our disaster recovery procedures are reviewed annually and tested in controlled environments.
7. Security Monitoring and Incident Response
Montgomery & Coupers Ltd uses active monitoring tools to detect unusual activity on the SOTERweb platform. Intrusion detection systems, error logging, and activity monitoring help us identify and respond to potential threats. In the event of a security incident, we follow a documented incident response plan that includes root cause analysis, mitigation actions, and legal/regulatory notification procedures, including reporting to the ICO within 72 hours where necessary.
8. Staff Training and Awareness
All employees and contractors receive regular security awareness training. This includes training on phishing prevention, secure password practices, GDPR compliance, and identifying suspicious behaviour. We promote a security-first culture across the business.
9. Third-Party Risk Management
Before engaging third-party suppliers that handle or process data on our behalf, Montgomery & Coupers Ltd performs due diligence to ensure appropriate technical and organisational security measures are in place. Contracts with such parties include data protection and confidentiality clauses to ensure GDPR compliance.
10. Policy Review and Updates
This Security Policy is reviewed at least annually or sooner if major changes occur in our operational environment, technical infrastructure, or applicable legislation. Any significant changes to the policy will be communicated to clients via our platform or email.
If you have questions about this policy or our security measures, please contact us at admin@soterweb.org.uk.