About us > Trust

You can trust us with your data

We've worked hard to ensure our infrastructure and the team behind it is world class.

  • We are Cyber Essentials Plus Certified.
  • We use secure data centers within the EU, US or Australia, depending on your region. All hold a broad set of industry standard accreditations such as ISO27001, ISO9001 and List X.
  • Our data centers are connected to the internet with redundant internet links and bandwidth can be easily upgraded on requirement.
  • There is redundancy at every component and service level, as well as spare capacity and we can scale our servers on demand. This means dotmailer can continue to run for prolonged periods even after experiencing major component failures, and we don't run out of space.
  • Where available, new dotmailer employees are background checked.
  • Our infrastructure is protected by firewalls and all management access requires two-factor authentication.
  • We make use of leading cloud providers and content distribution networks to host our email images, as well as many other application resources.
  • Virus scan technology is implemented throughout our infrastructure.
  • We commission annual independent third party security assessments.
  • An ongoing vulnerability scanning and management program is in place.
  • Machines are built from approved hardened images, and verified in third party security assessments.
  • A monthly patching cycle is in place to ensure the latest security updates have been applied.
  • We have restore points for critical data and these are taken every 5 minutes. Backup data is securely kept at same geographic regions, yet sufficiently distant to ensure data is not lost in the event of a disaster, whilst complying with local data protection regulation.
  • We employ skilled information security and data privacy specialists in our team to ensure security is always a priority.
  • EU Model Contracts are in place between dotmailer and its subsidiaries, as well as subcontractors processing data.
  • Role based permissions are used to control staff access to systems and data.
  • Management access to infrastructure is tightly controlled, and employs multi-factor authentication protection.
  • Intrusion Detection Technology is in place.