• About Avenir Risk
• Services
• Risk Consultancy
• Modelling
• Training
• Reviews
• Research
• Benchmarking
• Software
• Data Security
• Contact Us

Credit Risk Consulting

Insights, Modelling, Solutions, Guidance

Data Security

Our Approach

Avenir Risk takes data security extremely seriously. For example:

• Our laptops and PCs are encrypted with 50 character passwords using PGP encryption (this is actually more secure than that used in on-line banking systems)
• We use secure-shell PGP encryption for all access to our server and for transmission by email of sensitive data between ourselves
• The server on which we do our major modelling and data analysis is based on Linux with all the concomitant Unix security, such as file and directory permissions, control of users running particular programs, 'grant' privileges for database tables, web-server configuration files with detailed access control etc..
• We follow a basic principle that consultants have the minimum access required for the work that they are doing.
• We have a full data security policy (available on request) which covers the following items amongst others. This document will be extended when we implement any on-line systems:

Systems Policies

• Software Update Policy
• Acceptable Use
• Hardware and Software Acquisition
• Spyware / Malware
• Software Upgrades
• Company Email
• Disaster Recovery
• Laptops and Desktop Computers
• Server Recovery
• VOIP
• Firewalls
• WiFi
• Intrusion Detection
• Vulnerability Analysis
• Backup of Data, Programs and other Files
• Networking
• Access Mechanisms
• Partner and 3rd Party Connectivity
• System Development and Deployment

Data Policies

• Encryption and Key Management
• Certification and Accreditation
• Databases
• Confidentiality
• Data Protection Policy
• Audits and Data Logs
• Data Transmission
• Location Security
• Data Security “on the move”
• Data Ownership
• Data Retention
• Data Security Awareness and Education
• Information Held on Paper

Security Incident Management

• Security Incident Reporting Log
• Theft
• Procedure for Malicious Virus Attack
• Procedure for Unauthorised Access Attempts
• Procedure for Other Security Incidents

Contingency Planning

We have a contingency plan available that can be examined on request.