Data Protection Registration

People is registered with the Information Comissioner’s Office (ICO) under our parent organisation Access UK Ltd. This means we are contractually committed to delivering our services in compliance with the Data Protection Act (DPA). We are also committing to complying with all requirements of GDPR.ICO Registration Number: Z5042164

Proactive Threat Detection

As a customer you are automatically enrolled onto our People Managed Security Service. Actively searching for threats is important for keeping your business safe. That's why we ensure we have a team that monitors and manages our environment 24x7x365, using advanced technology and analytics.


Our environment is looked after by a 24x7x365 Customer Security Operations Center (CSOC), staffed by best-in-breed, GCIA- and GCIH-certified security analysts, whose credentials meet or surpass industry standards.


Using People Managed Security Service means we don't just detect threats, but we also rapidly respond to them - performing appropriate remediation based on pre-approved actions.


Our partnership with Rackspace means we actively counteract threat activity through industry-leading host and network protection, threat intelligence and security analytics, log management and vulnerability management technologies including Alert Logic.

Vormetric Enterprise Encryption

People implements Vormetric Enterprise Encryption with Rotating Keys to protect all your data including uploaded files and documents. Vormetric is the leader in Enterprise Encryption and Key Management for corporations. Vormetric not only encrypts all data at rest, including documents and backups, it also enables privileged user access control, and creates activity logs.

Penetration Testing

We commission regular independent penetration testing of our infrastructure, to ensure we keep our system free from vulnerabilities. With many high profile customers in the financial sector, we recognise the need for tight security at a very technical level. We therefore use a highly-respected penetration testing provider, to ensure we do everything possible to protect your data.


People is GDPR compliant. Our data protection officer is Tracy Wiseman, who is a General Data Protection Regulation (GDPR) Practitioner.

The General Data Protection Regulation expands and standardises data protection across the whole of the EU and came into force on May 25 2018.

Click here to visit our GDPR page

Rackspace – Trusted Globally

We store your data securely using RackSpace – one of the world’s most trusted cloud-computing platforms.

Click here to find out more about Rackspace

Information Security Frequently Asked Questions

Our Information Security team is responsible for ensuring our InfoSec policies are compliant, and properly implemented. They also handle many of the InfoSec questions raised by our clients. To help you find key answers quickly, we have compiled and consolidated some of the most frequently asked questions below:

Who owns our data?

Your data belongs to you. As our customer, you are classed as the ‘data controller’. As your supplier, we are classed as the ‘data processor’.

What happens to our data when we leave?

We provide you with an export of all your data, and then remove it from our systems within 45 days. Any documents you uploaded will be returned in their original format. Anything else is sent in CSV format.

How often is our data backed up?

Your data is backed up per transaction (each time you do something), per hour, and per night. In the event of a total failure, our infrastructure within the data centre means we can recover your data quickly and reliably (see below). If you have particular governance rules, you may also create your own backups using our offline backup tool.

Where is our data stored – and is it safe?

We store your data in Rackspace’s state-of-the-art data centre in London, UK. Rackspace protects the servers where your data is stored and managed, through biometric access controls, constant surveillance, redundant power feeds and generators, robust fire suppression, and carefully monitored climate control. In keeping with Data Protection Act requirements, we guarantee that your data will never be moved outside of the EEA (European Economic Area). Your data is also encrypted using TLS and AES.

Who can access my data?

Only you, and a small number of vetted and authorised People personnel, can access your data. Any member of this specialist People team, will only ever access your data to perform specific tasks on your request via our support desk – and any action they take is logged and easily auditable. Access to any sensitive data is extensively logged, and requires fixed IP addresses and two-factor authentication.

What type of Firewalls do you use?

The People application, and any data you store within it, is protected by Cisco-powered firewalls.

2 Step Authentication

People supports 2FA using the Google Authenticator application on a smartphone. Once activated only authorised devices can be used to login.