Cloud Security Principles

The service needs to be operated and managed securely in order to impede, detect or prevent attacks. Good operational security should not require complex, bureaucratic, time consuming or expensive processes.

NCSC - Operational Security

There are four elements to consider as part of operational security.

Configuration and Change Management

Our approach to change management is covered in the Support Operations section of our Hosting Manual. Our change control process falls within the governance of our ISO 27001 certification.

Vulnerability Management

As with change management, our vulnerability management is covered by our ISO 27001 certification. The Scheduled Maintenance section of the Hosting Manual describes our maintenance procedures.

Protective Monitoring

In the event of a malicious attack, logging will identify the source even if the attack is repelled. GOSS engineers are trained to identify and if required block potential attacks.

Incident Management

All security breaches and incidents are investigated in line with our internal incident management process. We will inform you of incidents relevant to you in a timely manner, either by telephone or via the Online Support System, depending on the severity of the incident.