Simon Jones, MD, is responsible for security at Studio 24. This is managed on a day-to-day basis by Alan Isaacson, Support Developer. Studio 24 is Cyber Essentials accredited and we actively maintain Cyber Essentials security across the team.
We have policies in place that cover:
- The testing/updating and deployment of the website codebase.
- The testing/updating of the server OS (operating system) and software packages.
- The testing/updating and deployment of the CMS (Content Management System) and the relevant plugins used.
The hosting infrastructure is monitored with automated alerts/alarms as required.
On a project basis, we identify security and data privacy risks and document these in a risk register. Mitigations are put in place and monitored by the Project Manager to ensure we are addressing these.
We have a set of secure development principles we follow to help ensure good security. Security issues that affect projects are peer reviewed by Simon Jones.
Where required, we organise an independent third-party agency to conduct a security penetration test (pen test) on the website before launch. This can be repeated on an annual basis or when significant new functionality is introduced.