Security Policy

  • Security

  • Safeguards and security measures

    We have many built-in features to ensure that you stay in control of who can access your data and contingency against data loss or inaccuracy. We have taken key steps to control the risks from the internet, from inside your organisation and by having the best possible procedures in Artlogic.

    Preventing unauthorised access

    Artlogic Database users connect to their database through a web browser using a username and password. It is possible for authorised users to access Artlogic Online from any computer anywhere in the world (Mac or PC). But that does not mean your data is vulnerable. There are a number of safeguards, the most important of which are under our clients' control. Firstly, setting strong passwords for users will almost neutralise the threat of unauthorised access. We also recommend that all staff change all their passwords periodically and certainly when an administrator leaves. Clients can set up IP restrictions for some or all of their users. This will prevent any logins unless they are from the permitted IP ranges (networks) for that user. This means that a user cannot use their log in credentials unless they are in the gallery. We log every connection to our servers and can trace connections if required. The system resists brute force attacks. We strongly recommend that all database users take advantage of Two Factor Authentication, where you use the free 'Authenticator' App from Google on any smartphone to validate your connection once per month and every time you connect with a new device. 

    Securing data connections and transit

    Clients can completely protect all your data in transit by choosing to connect to the database via https, using 256 bit encryption, providing similar levels of security to online banking.

    User permissions

    Clients can choose varying levels of access for different members of staff. Administrators can edit user profiles and permissions at any time (along with many other exclusive functions). For instance, administrators can decide what a user can see (e.g. financial information) and the functions they can perform, such as exporting data, sending bulk emails or generating invoices or reports.

    Protecting your data

    For systems that run on our own hardware, we perform local back-ups of all our clients' databases everyday and we back up all client data to another server in a different facility on a different network in a different ISP every night via an encrypted, firewalled connection. We store the backups for 90 days. This helps safeguard your data against any eventuality and protect you from mistakes or sabotage from your staff or ex-staff if you failed to delete their user record.

    In order to make our applications perform faster and be more resilient against the failure of an individual hard drive or machine, we use robust, global infrastructure from Google Cloud Platform and Amazon Web Services to deliver most of our services. In this case, data is always replicated across multiple servers. We also make use of Content Delivery Networks to deliver assets across the world from datacenters which might be nearer to our clients than the UK.

    Designated client administrators can choose to make a full export of your data at any time for extra peace of mind with spreadsheets of key human readable information.

    Recovery services

    We can, with a few clicks, restore data that has been deleted in bulk by users in error (or with malicious intent) with no down time at all. Because of our backup procedures and expertise, we can restore data that was changed by a user procedure days, weeks or months ago.

    Audit trails

    Apart from logging every connection to our servers, we also maintain a modification history for each key record which the administrator can view and can review what changes were made. We store this information for a minimum of 3 months, and longer if your Artlogic Database is on a Dedicated Server.

    Preventing hacking

    We never use Microsoft software for serving or mainstream CMS platforms as these are too vulnerable to attacks. We take great precautions to prevent the possibility of a hacker gaining access to any of our systems or causing any damage with any form of exploit. Full server access is only available to the most senior staff. We pay security consultants to check that there is nothing we have overlooked. 

    Support

    In order to properly support clients the support team at Artlogic must have access to their clients' systems. This is absolutely essential for us to provide support. One of the benefits of outsourcing your databases is that there are experts who can log in and see what you can see and help or advise you to perform certain tasks.

    Only trained full-time staff members will ever have access to client data. All staff sign a confidentiality agreement when they join the company which is binding in perpetuity. Our staff's special usernames and passwords do not work outside off our networks and every login is recorded.

    Further questions?

    We would be happy to talk to you about any matter relating to the security of the system including the physical security of the hardware we use, the back-up routines, data archiving and how you can restrict what individual members of your team can do. If you would like further information please contact us. Find out more about our credentials below.

    ‘Outsourced’ data services

    You might like to compare the clear security safeguards described above for our ‘always on’ service with a local database system. Although the firewall may protect you from external threats, the risks of data loss, service interruption or theft from within the gallery are often greater. Galleries don’t usually have an in-house database person who also understands how your business works. Hardware or software can fail, people make big mistakes and there can often be no reliable backups or anyone who knows what to do.

    Outsourcing reduces risk

    Across the business world, more companies are seeing the benefits of outsourcing specific data functions to database experts in their industry. Being scaleable, reliable, free of both capital costs and administrative hassle, outsourced services also can offer greater security for small and large businesses. With the right database firm your data is much more secure than if it were stored in your office where it can be corrupted, destroyed or copied by your IT guy or any intern with a memory stick.

    We believe that 'data security' is making absolutely certain that every authorised person has access to their data wherever and whenever they need it, that the system is working and because it is simple to use, they can use it faster and without making mistakes.

    We run Artlogic Online as a fixed cost subscription service with free upgrades included so that as the system continues to evolve everyone can take advantage of many new features and new technologies. It works on any computer connected to the internet so you don't need to buy or install any software. A full support service is part of the package to keep your team effective. We check our servers every two minutes and make solving your problems our top priority.

    Reviewing the two remaining options

    You could develop your own systems, but businesses are not good at making their own databases or even knowing what they want. It is very expensive and time-consuming to build your own systems and keep them working, and a continuous task enhancing the program to keep it abreast of emerging technologies and legislation.

    Some galleries choose a local database solution because they were not aware of an alternative. But businesses usually have problems managing local database systems. Getting help is often expensive and slow to arrive. Sometimes there is nobody with the responsibility or the technical understanding on your payroll and so control of the knowledge can be locked in the hands of one or two people who may not have the knowledge or time to fulfill that function properly. In addition, local, application-based solutions on your server come with all the limitations and costs of the software that drives them, such as FileMaker or Access.

    On a more positive note...

    There are many compelling technical and practical reasons for outsourcing with Artlogic Database described on our website but in relation to the alternatives, it is safe to say that local database systems cannot compete with Artlogic for the combination of security, ease of use and speed across multiple locations – where it is certainly the fastest product on the market.

    Not only does our web-based system enable you to access the system from internet enabled devices it also enables us to integrate data with websites, with our PrivateViews app and enables people directly to sign up to and unsubscribe from your email mailing list. We are also developing integrations with other online systems. 

    Outsourcing gives a specialist task to people who spend their lives working out how they can use technology to assist your business. That frees up gallery directors to get on with the things that make their company great, not get bogged down in thinking about systems.

    Our experience of data management

    Pedigree

    The original Artlogic database solution was first released in 1994. Artlogic Online was launched in 2006 offering unprecedented simplicity and functionality to improve efficiency and productivity. From the beginning we have been dedicated to providing a reliable and secure service for all our clients. Our success has been built on the trust they place in us to continue to provide the same service in the future.

    People you can trust

    At Artlogic we are data experts with twenty five years of experience and a great track record of providing a reliable and trustworthy service to organisations all over the world. We are the long-trusted data partners of many galleries, British Government funded organisations and multi-national companies. See the client list on our website.