Compliance at Willow360

Security Compliance at Willow360
Everyone at Willow360 (Info Technology Supply Ltd trading as Willow360, a company incorporated in England and Wales under number 2230502 whose registered office is at 2 Hobbs House, Harrovian Business Village, Bessborough Road, Harrow, HA1 3EX, United Kingdom and its authorised resellers who may contract with a customer) takes compliance with obligations in data protection and other legislation relating to data security seriously and understands its significance both to customers and partners. For this reason, Willow360 have obtained independent third-party auditor certification for ISO 27001.
This page sets out Willow360's security measures and should be read in conjunction with the Willow360 Privacy Policy and related documents on the Willow360 website, including the Data Privacy & Security FAQs and Data Privacy at Willow360 documents.

Security Best Practices at Willow360
At Willow360 we take great pride in our information security program and are dedicated to its continual improvement.

User Account Security
Product Access Control
A subset of Willow360's personnel has access to the service and to customer data via managed interfaces. Access is limited to this subset of personnel so that they can provide effective customer support, troubleshoot potential problems, detect and respond to security incidents, and implement data security.
Encryption
Willow360 encrypts data at rest with 256-bit AES and secures network communication with TLS 1.2 to encrypt data in transit.

Change Management

  • Peer code reviews: every change to Willow360 is peer reviewed, whether it’s a new feature or a bug fix. Security reviews are performed as appropriate.
  • Regular code audits for security.
  • Robust unit testing.
  • Regular penetration testing.

Cloud Security
Willow360 uses Microsoft Azure as its cloud service provider and leverages Azure's security and compliance controls for data centre physical security and cloud infrastructure. Further resources can be found on the Azure compliance documentation website.

Monitoring & Logging
Availability
The Willow360 service utilises automatic Azure availability services. Willow360 maintains a Status page.
Logging
Willow360 maintains a comprehensive log of all workflow actions. Actions are logged internally for troubleshooting, support, and planning purposes.

Vulnerability Management
Threat Detection
Willow360 has enabled threat detection software and enforces continual threat modelling exercises to identify and plan for any vulnerabilities in our environment.
External Penetration Testing
Willow360 undergoes an external penetration test by an independent third party on a monthly basis. New vulnerabilities are scanned for daily.
Willow360 regularly updates its security measures. Users should make regular reference to this page for the latest position as this Security Compliance summary is updated from time to time.