Data Management – Customs Connect

Our Commitment

Our Data Management system is our practice of collecting, organising, protecting, and storing the organisation’s data. It is essential for making sense of the vast quantities of data we need to fulfil our services to our clients, employees, stakeholders and company obligations. We make our research data findable, accessible, interoperable, reusable and of value. We ensure it is managed soundly, as we believe a well-researched and implemented data management system is key to comfort and knowledge that the valued data, we hold is secure.

We commit to ensure our Information Security is appropriately managed, secured and our applicability is controlled.

Our Data Management Model of 6

To ensure data quality, security, and compliance for informed decision-making

1. Structured Data.

Customer Data: This includes demographics, purchase history, and other information about customers.
Sales Data: This encompasses sales figures, product performance, and customer interactions.
Financial Data: This includes financial records, budgets, payroll and expenses.
Operational Data: This covers data related to internal business processes, inventory, support, partners and supply chain.
Employee Data: This includes HR information, payroll data, and employee performance records.
Personal data. This includes identity-related info names, gender, Social Security number, and device-related info like IP address, web browser cookies, and device IDs.

2. Unstructured Data

Text Data: This includes emails, documents, social media posts, and customer reviews.
Images and Videos: This includes photos, videos, and other multimedia content.
Audio Data: This includes audio files and transcripts.

3. BIG Data:

Our services involve the handling, control, management, knowledge integration and reuse of large amounts of sensitive client, financial and contractual data.

Our Expert team with skilled understanding, carry out inspection, manipulation, and analysis of our client’s customs data received via a variety of means:

Digital/automation within C360 software,
Email
Spreadsheets/documentation
SharePoint
API

Our clients’ International Customs Trade data/documentation is required for analysis, to identify any exceptions and submit claims for the recovery of overpayment, missed payments and/or deductions from our client’s historic financial transactions.

Further BIG Data includes:

Social Media Data: This includes data from social media platforms, such as user interactions, posts, and comments.
Internet of Things (IoT) Data: This includes data from connected devices, such as sensors and smart devices.
Log Data: This includes data from servers, applications, and other systems.

4. Metadata.

Data about Data: This includes information about the data itself, such as its origin, format, and quality.
Data Governance: This involves establishing rules and policies for managing data, including data quality, security, and compliance.
Data Security: This involves protecting data from unauthorised access, use, or disclosure.
Data Compliance: This involves ensuring that data is handled in accordance with relevant laws and regulation.
Metadata comparison: C360 Module compares two or more metadata definitions against each other.

5. Usage data.

Usage data refers to any information about how our products and service is used, encompassing things like website interactions, minutes spent on a phone, computing resources, physical telemetry, product consumption/rates, and service utilisation.

Computing Resources: Data usage on our websites, the amount of bandwidth used, or the number of concurrent users.
Physical Telemetry: Distance travelled, speed, or location data from a device.
Product Consumption: How much of a service/product is used, the ingredients/IP used, or the materials/tools consumed.
Service Utilisation: The number of licenses used, the features accessed, or the support tickets opened.

6. Behavioural data

The collection of information about how clients/users interact with our business, product, or service, to understand user preferences and patterns, and to improve user experience

Data Storage and Compliances

Our data management platform streamlines our data processes, improves data accuracy and security, and provide better insights through data and gives us more confidence in making it easily accessible across the organisation in a safe manner.

Our platform consists of:

VPC Cloud server environment with Cisco Adaptive Security Appliance (ASA) Software installed on Cisco ASA firewalls with our partner of choice, UK based award- winning Hosting Provider, ANS Group.
Microsoft 365
Microsoft Azure

Some of our partner’s certifications are listed below: –

ISO 27001:2015 International Standard for Information Security Systems
IS 22301:2019 International Standard for Business Continuity Management Systems
IS 9001:2015 International Standard for Quality Management
ISO 27018:2019 International Standard for Information Security Systems
ISO 14001:2005 International Standard for Environmental Management Systems
ISO 20000:2018 International Standard for IT Service Management
PCI Compliance
Carbon Footprint Standard PAS 2060
Cyber Essentials and Cyber Essentials +
G-Cloud 13
Cisco CMSP
VMWare Sovereign Cloud
SOC2 Type 2

Data Classification and Handling.

Data is classified in accordance with ISO/IEC 27002:2013 – Code of practice for information security controls and document 356. Information Classification Policy. This is an extension of our ISO27001 certification allowing for every internal team member to understand and assess the value, sensitivity, and criticality to the business of each data asset (and apply the relevant internal classification, if necessary).

Cyber Threats.

We take zero compromise when securing your data, our systems are secured with Avast AVG Enterprise Anti-virus and Internet Security software, Malwarebytes Anti-Exploit for Business and Anti-Ransomware.

Our systems are also monitored by our IT Support company, Endeavour Business IT Solutions Ltd, with a proactive monitoring agent on each device. Our hosted provider, use PROsecureTM, DDoSX, WAF, Threat Monitoring and Threat Response hardware and software and are Cyber Essentials + certified.

Backup.

Our VM Level Backups are taken every 24 hours, with a retention time of 28 days.

Microsoft 365 automatically backs up data every 12 hours and retains it for 14 days, meaning Microsoft performs a basic backup within their cloud infrastructure

Azure backups are managed through the Azure Backup service, which stores data in a Recovery Services vault, essentially taking snapshots of virtual machine disks and transferring the data to the vault for safekeeping, allowing for easy restoration if needed; this process utilises incremental snapshots to only capture changes since the last backup, optimising storage usage and minimising data transfer volume.

Confidentiality or Non-Disclosure Agreements

Confidentiality clauses are included in the standard staff contract, which all members of staff sign. This is reviewed and updated regularly. The latest review and update was 8^th October 2024.
Non-Disclosure Agreements are used between the organisation and our clients/partners in exchange for sensitive information.

Legal Guidance.

Identification of applicable legislation and contractual requirements Legislation has been identified which is applicable to the organisation.

Data Protection Act 2018 and the General Data Protection Regulation (EU) 2016/679	Protects individuals against the use of personal information by another individual or organisation.
Freedom of Information Act 2000	Provides individuals with the right to access information held by public authorities and those providing services for them.
Computer Misuse Act 1990	Protects the right of individuals and organisations to preserve the confidentiality and integrity of their computer data.
Copyright Designs and Patents Act 1988	Protects intellectual property, i.e. protects the interests of an individual, or an organisation that employs such individuals, whose ownership of novel, creative or inventive work is recognised in law.

Electronic Communications Act 2000	Protects the interests of society by restricting the use of cryptographic techniques so that the Government and its authorised agents are able to decrypt any message that is legitimately intercepted.
Digital Economy Act 2017	Provisions relating to electronic communications infrastructure and services.
Regulation of Investigatory Powers Act 2000	Protects the originators of electronic communication from its interception without lawful authority and protects employees from unreasonable monitoring.
Public Interest Disclosure Act 1998	Protect employees who, in the public interest, disclose criminal or civil wrongdoing by their employer.

Intellectual Property Rights

The use of material which may be subject to IPR is protected e.g. only licenced software is installed on machines, licences and master disks are retained etc.

Asset registers are in place and no document or data is copied or transferred without permission.

Protection of Records

This is carried out as detailed in the Document Control procedure of ISO9001. Various policies and procedures are in place including a record retention policy. A copy of our latest record retention policy is available on request.

Privacy and Protection of Personally Identifiable Information

The requirements of the Data Protection Act 2018 and the General Data Protection Regulation (EU) 2016/679 are complied with throughout the company. We have Data Protection and Data Privacy policies in place and a copy of these latest policies is available on request.

Compliance with Security Policies and Procedures

Audits and spot checks are carried out by both the Manager and by other auditors e.g. QSAs for PCI compliance.

Annual Penetration Test

Penetration Tests are tasked to be carried out annually.

Statement of Applicability and certificates

Statement of Applicability and copies of certificates can be provided on request.

Responsibilities

This commitment seeks to provide information regarding our data management protocols and has been prepared for information purposes only.

Our standard terms and conditions include binding obligations regarding our handling of data and this commitment is not intended to create a legally binding commitment.

We shall not be liable for any damage caused as a result of our failure to comply with this commitment, except to the extent that this commitment is expressly incorporated into any contract between us and our clients.