Privacy and data security are key issues facing firms today. The average cost of a breach is $3.9 million, and each misuse of personal data damages trust. Security-conscious organizations trust Darwin - confident that sensitive employee data is safe.
Darwin is hosted by our enterprise data hosting partner NaviSite, whose data centers are ISO 27001:2015 accredited and SOC 1 and SOC 2 compliant. We have invested in a private cloud solution to provide greater capacity and security for our clients. This means that every piece of infrastructure that Darwin runs on is dedicated to our use only; because no other tenant shares it, we can manage our resources more effectively.
One of the reasons we have partnered with NaviSite is that they operate Tier 3 data centers. These on average have an availability of 99.98%, ensuring minimal downtime for our clients and allowing us to meet our Recovery Time Objectives and Recovery Point Objectives. We also have many Tier 4 controls in place for even greater resilience, such as back-up power stations and additional power generators.
We have a rigorous security infrastructure, led and enforced by our dedicated Information Security team. Our Information Security Management System (ISMS) is aligned to our ISO 27001:2013 accreditation. Our business undergoes twice-yearly vulnerability and penetration testing (inclusive of the Darwin platform) and any findings are remediated in accordance with our remediation processes and policies, which form a part of our ISMS.
Darwin is protected by state-of-the-art technologies, such as enterprise-level WAF, IPS, IDS and anti-virus monitoring, both at NaviSite’s data centers and within Darwin's own internal architecture. NaviSite also has highly sophisticated physical security arrangements, including security guards, dedicated CCTV, and fingerprint and iris scanners. We perform internal audits annually, and are audited yearly by our external certification body.
Our Information Security Policy is owned by the Head of Information Security and reviewed by our Chief Executive Officer. The policies are reviewed and published as part of our internal audit requirements at least annually and are available for reference and use at all times.
Darwin is fully compliant with the European Union’s General Data Protection Regulation. Darwin includes several features that ensure compliance, including fully auditable capture of employee consent, data minimization, and clear instructions on how employees can exercise their new rights under GDPR. Darwin collects, processes and stores PII for our clients and their employees. Protecting this data is imperative to our function: it provides assurance to our clients and demonstrates to regulators and auditors that we have ample controls in place.
Darwin helps organizations achieve their benefits, people, and wider business goals by increasing engagement, streamlining administration, controlling cost and reducing risk. And your employees are able to access and engage with their benefits wherever they are in the world.