Download our 2024 State of the Construction Industry Report
Background circles

Compliance

Using Re-flow to have confidence in your compliance

For our clients with field operatives, being able to ensure staff are correctly following their company’s policies and procedures, that also comply with applicable laws and regulations, is essential. Re-flow software provides a consistent, secure, auditable workflow, that means you can enforce consistent processes to match the legal requirements in your sector.

How is my data protected?
Protection from DDoS attacks

Automatic detection and prevention of sophisticated DDoS attacks, filtering out malicious traffic and ensuring our servers only receive genuine traffic.

Web Application Firewall (WAF)

Designed to protect your data from hackers, if they try to exploit weaknesses in the application code.

Threat Monitoring and Threat Response

All in one HIDS/SIEM system, that enables us to continually monitor for malicious activity. Collating and parsing logs from critical services like SSH, RDP and web traffic, Threat Monitoring can hunt down and block attackers automatically, while providing real-time alerts of threat activity.

Two Factor Authentication (2FA)

SMS two-factor authentication (2FA) adds an extra layer of protection to the standard password method of online identification. User accounts are linked to a mobile phone, where a unique time sensitive code is sent to gain access.

Where is the software platform hosted?

Our software platform and your data is hosted by ANS and our servers are backed up multiple times per day, on a 30 day retention, with Enterprise-Grade Commvault backups. ANS guarantees 100% network uptime (through various Fibre Channel Networks, as well as balancing for Performance Maintenance), 1 hour hardware replacement in the event of failure, and a 15-minute response time for critical issues. This comes with the following certifications in the ISO certified, UK owned data centre complex in the UK:

  • ISO20000: 2018 IT service management support for design, supply, configuration and support of computer system solutions and application software.
  • ISO 27001: 2013
  • ISO 27017: 2015 Design of computer system solutions and supplying, configuring, support and maintenance of application software.
  • ISO 27018: 2019 Code of Practice for protection of PII in public cloud
  • ISO 22301: 2019 Business Continuity Management
  • ISO 9001: 2015 Quality Management System
  • ISO 14001: 2015 Environmental Management System
  • PCI DSS Level 1 Service Provider
  • Cyber Essentials +
  • BSI PAS 2060: Carbon Neutral
  • CISCO CMSP
  • G-Cloud 12
What steps does Re-flow take to protect your systems from intrusion?

The Software must be used in conjunction with usernames and passwords supplied by Re-flow to you, which you must keep safe and confidential.

For our part, our security processes include:

  • Redundant firewalls
  • Quarterly vulnerability scans
  • Disaster Recovery
  • Advanced Proactive Uptime Monitoring
  • Server maintenance and OS Patch Updates
  • Server admin access is restricted to our office static IPs and all staff laptops are encrypted.
Where is my data stored, and who has access to my data?

Your data is stored in the UK. You own all data input and processed on Re-flow relating to your activities and therefore you also have the sole responsibility for the legality, and quality of that data. 

We need you to be certain that you’re entitled to upload any personal or third party data under GDPR regulations, as you are the data controller in this circumstance, while Re-flow acts as your data processor.

Using Re-flow requires your agreement for us to use your statistical data after we’ve anonymised it, to enable us to monitor, develop and improve our software and services and maximise performance.