Security Policy

1. Overview

Trcoms Hosting is committed to maintaining the highest standards of information security to protect our clients' data and infrastructure. This Security Policy outlines our comprehensive security framework.

2. Infrastructure Security

2.1 Data Centre Security

• 24/7 physical security monitoring
• Biometric access controls
• Environmental controls (temperature, humidity, fire suppression)
• Redundant power and network connectivity
• Regular security audits and certifications

2.2 Network Security

• Enterprise-grade firewalls
• DDoS protection and mitigation
• Intrusion Detection and Prevention Systems (IDPS)
• Network segmentation and isolation
• Encrypted data transmission (TLS 1.3+)

2.3 Server Security

• Dedicated servers with logical isolation
• Regular security patching
• Vulnerability scanning and assessment
• Secure configuration management
• Host-based intrusion detection

3. Access Control

3.1 Authentication

• Multi-factor authentication (MFA) for administrative access
• Strong password policies
• Secure session management
• Single Sign-On (SSO) capability for enterprise clients

3.2 Authorisation

• Role-based access control (RBAC)
• Principle of least privilege
• Regular access reviews
• Audit logging for all privileged actions

4. Data Protection

4.1 Encryption

• Data encrypted at rest (AES-256)
• Data encrypted in transit (TLS 1.3+)
• Secure key management
• Regular encryption key rotation

4.2 Data Sovereignty

• Client data remains the exclusive property of the Client
• No data mining or commercial exploitation
• Transparent data location disclosure
• GDPR and UK GDPR compliant

5. Monitoring and Incident Response

5.1 Continuous Monitoring

• 24/7 security monitoring
• Real-time threat detection
• Security Information and Event Management (SIEM)
• Behavioural analytics

5.2 Incident Response

• Documented incident response procedures
• Rapid containment and remediation
• Client notification for data breaches (as required by law)
• Post-incident analysis and improvement

6. Compliance

Trcoms maintains compliance with:

• UK General Data Protection Regulation (UK GDPR)
• Data Protection Act 2018
• Privacy and Electronic Communications Regulations 2003
• ISO 27001 (Information Security Management)
• SOC 2 Type II (where applicable)

7. Backup and Disaster Recovery

• Regular automated backups
• Geographically redundant backup storage
• Tested restoration procedures
• Disaster recovery planning
• RTO/RPO commitments as per SLA

8. Vulnerability Management

• Regular vulnerability scanning
• Patch management for operating systems and applications
• Penetration testing (annual or as required)
• Bug bounty programme

9. Client Responsibilities

To maintain a secure environment, clients must:

• Maintain strong, unique passwords
• Enable multi-factor authentication where available
• Keep their software and applications up to date
• Implement appropriate access controls for their users
• Maintain independent backups of critical data
• Comply with our Acceptable Use Policy

10. Security Communications

• Regular security advisories to clients
• Transparent disclosure of security incidents
• Security best practices documentation
• Dedicated security contact (security@trcoms.com)

11. Policy Review

This Security Policy is reviewed annually and updated as necessary to reflect changes in technology, threats, and regulatory requirements.