Firstly, by data I’m referring to any information in OutNav – words, files, images, account holder details and so on – as well as the software itself.
When it comes to securing your organisation’s data, it is important to appreciate that data security is a two-way thing: We, as the data processor, take responsibility for keeping your data safe as soon as you put it in OutNav and you, as an OutNav user and data controller, take responsibility for what data you put into OutNav.
Let’s look at these two sides in more detail.
How we keep your data safe
As soon as you put data into OutNav, we do everything we can to keep it safe. Each component of the infrastructure is individually secured, with firewalls, locked down security groups, data encryption, rotating encryption keys and other features in place to secure data on and between them further.
OutNav is a cloud-based software, an on-demand service delivered over the Internet, which makes it as flexible as the teams that use it. We also keep your data safe when it is ‘in transmission’ over the Internet (from your browser to us and back again) over HTTPS connections (Hypertext Transfer Protocol Secure – in other words, encrypted secure communication).
Data is securely held in the UK
All of the services that we use for storing OutNav data, from the software build level to the data that you as an OutNav user put into the software, are located in the UK.
All OutNav data is held on Amazon Web Services (with Fort Knox style account security put in place by Steve) in servers located within the UK. The OutNav databases are mirrored across multiple data centres to ensure that there is minimal risk of loss if a server goes down.
Keeping your work backed up
As well as storing data across multiple sites, we take daily automatic snapshots of the OutNav databases, combined with automatically synchronised replicas, which means that the data is both backed up and resilient.
Files are stored within Amazon’s S3 (Simple Storage Service) product, which is designed for 99.999999999% (11 nines!) of durability, and is used by millions of applications for companies worldwide. This level of durability means that if you stored 10,000,000 files with them, the risk of losing a single file would be one in every 10,000 years.
How you need to keep your data safe
Keep your keys safe
As an OutNav user, what you need to do is create a good quality password and keep it safe. Best practice would mean don’t share your passwords (or stick it up on a post-it in your communal office) or work on public computers.
We don’t restrict the number of OutNav users you can have working on a project in OutNav (subscriptions are based on the number of projects, not the number of users) so everyone that needs to work on a project can have their own secure access.
We will never know what your password is, even if you need to request a new one, because they are not stored in clear text.
Your password is hashed – in fact we add salt to your hash (technical terms), which means a one-way mathematical algorithm is applied to change your password into something unrecognisable to anyone. Not all websites use such practices, so don’t use your OutNav password for anything else!
Set the right levels of access in OutNav
There are several different types of user access to OutNav.
At the highest level is the Organisation Administrator(s) with complete access to everything, including adding users and setting their levels of access, and adding or deleting projects. All other users are Organisation Members, and they can have one of three levels of access: Project Administrator, Project Member or Project Reader. More information is available in the OutNav knowledge base.
Organisation Administrators should use the principle of least privilege to give people the access they need to do what they need to do (and no more).
When you want to share your work outside of your OutNav team – to your funders or key stakeholders perhaps – then you can use OutNav’s live reporting function and apply a password if you’re not ready to share your organisation’s story publicly.
Know your personal data protection obligations
The final area of data protection that you always need to have in your mind as an OutNav user is GDPR. For example, don’t include personal identifiers in your evidence or analysis, or upload photos with personally identifiable people in them without their permission.
We’re here to help
If at any point you need help in OutNav you have access to our knowledge base and can raise a help ticket, which one of us will respond to the same or next working day. We also host free OutNav Community support events, including our regular online OutNav Clinic.