Skip to main content

Security

AssetHUB’s security policy is based on current best practice, and factors in the latest current thinking. This includes the Centre for the Protection of National Infrastructure (CPNI), and the National Cyber Security Centre (NCSC) – both of whom have been engaged with in the recent DCMS-funded Digital Connectivity Infrastructure Accelerator project of which the AssetHUB is a winning partner.

How Secure are my Assets?

AssetHUB has a strict security policy when it comes to the assets and information on the platform.
The underlying governance principle in the AssetHUB is that asset owners remain in control of their own information. The default “state” of any information in the platform is unshared, and private to the user/organisation who uploaded it.
Where a trade-off must be made between over-protecting information, or over- sharing information, the default state will be over-protective. For example if information is uploaded to the AssetHUB platform by a user within an organisation, it will only be visible to that user and the AssetHUB administrator of that organisation, it will not be shared with other users.

Who Can See Them?

All actions on the AssetHUB platform are logged, and audit logs are available to asset owners, as this is a record of who has accessed their asset data. Actions of users within an organisation will be available to administrators of that organisation, and other users they delegate audit log access to.
The AssetHUB will only allow asset information to be shared with organisations approved by the asset owner to begin with. As more asset data is loaded on to the platform, it can respond to enquiries automatically, reducing input from the asset owner whilst still tracking enquiries.

Is Platform Access Secure?

Access to the platform is managed by identified, named individual users rather than shared mailboxes or “role” accounts, in order to allow for individual user activity monitoring.
Additionally, 2-factor authentication is used to further secure logins. The platform itself is securely hosted in the UK using the Google Cloud Platform (GCP).