The security of all data is of paramount importance to Sedex. The information below details how we ensure the security of the data stored within the Sedex system.
- System access is controlled via unique usernames and passwords.
- Idle sessions timeout to minimise the risk of security breaches.
- Companies are unable to view each other’s supply chains. Sedex cannot be used as a procurement tool to search for suppliers.
- Data can only be shared between companies in a supply chain relationship. All access to data is dependent on ownership of the data. As the owner of a site you must explicitly grant access to member companies within your supply chain.
- Specific access to view the data can only be granted by the owner. For example, a site-level user can only view and edit information for the site to which he/she is allocated.
- The site-level user may grant access to a company with viewing rights (with A membership) to view information about the site, provided there is a supply chain relationship between the two.
- All transmission of data is via Secure Socket Layer (SSL) technology to protect data using both server authentication and 128-bit encryption. This technology ensures that others cannot view data as it travels over the Internet.
- The Sedex servers are hosted in a highly secure environment provided by a hosting services provider that uses multiple firewalls and other advanced technology to prevent outside interference or intrusions. In addition, constant monitoring ensures evaluation of emerging security developments and threats.
- Sedex conducts intrusion tests of the system at a minimum once per year to ensure security is maximised.