Data Security

At Checkdone IT, we recognise that data is our most valuable asset. Whether it involves sensitive customer records, intellectual property or confidential communications, protecting this information is fundamental to our mission. Our Data Security strategy goes beyond basic protection. It provides a layered, intelligent defence that adapts to evolving risks across on-premises, cloud and hybrid environments.

From preventing accidental data loss to detecting malicious activities and encrypting data at rest and in transit — we ensure data remains private, accurate and accessible only to authorised users.

Data Loss Prevention (DLP)

Accidental data leakage is one of the most common and damaging risks facing organisations today. Our Data Loss Prevention (DLP) solutions play a critical role in safeguarding sensitive information by enforcing usage policies and preventing unauthorised sharing.

DLP enables us to:

  • Monitor email, endpoints and cloud storage for sensitive data

  • Detect and block unauthorised transfers of confidential or personal information

  • Educate users with real-time policy tips when risky behaviour is detected

Our policies define clear handling rules:

  • Confidential data must not be shared externally without encryption

  • Personal data transfers must comply with privacy regulations

  • Violations are logged and escalated for review

All exceptions are recorded in DLP Policy Exception Forms for auditing and accountability.

Data Security Posture Management (DSPM)

With growing data sprawl across cloud environments, visibility becomes a major challenge. Data Security Posture Management (DSPM) gives us the insight we need to assess and improve our security posture continuously.

DSPM allows us to:

  • Discover where sensitive data resides across cloud platforms

  • Assess misconfigurations and policy violations

  • Continuously monitor for unauthorised access or exposure

Our DSPM process flows include:

  • Automated scans scheduled weekly

  • Findings documented in the Data Risk Register

  • Remediation tasks assigned and tracked until closure

DSPM ensures we stay compliant with data protection standards and reduce risk from shadow data.

Data Detection and Response (DDR)

Prevention is essential, but detection and rapid response are equally important. Our Data Detection and Response (DDR) capabilities help us identify and contain data-centric threats before they escalate.

DDR provides:

  • Real-time alerts on suspicious access patterns

  • Anomaly detection (e.g. mass downloads or off-hours access)

  • Automated incident response playbooks

When threats are detected, incidents are logged in the Data Incident Register, where they are investigated by our security operations team and resolved according to our incident management procedures.

Data Classification

Understanding which data is most valuable is critical to securing it. Through Data Classification, we apply metadata labels to categorise data based on sensitivity and regulatory requirements.

Classification categories include:

  • Public

  • Internal

  • Confidential

  • Restricted (e.g. personal or regulated data)

Our classification rules are enforced automatically by our DLP, DSPM and encryption solutions, ensuring that data handling policies are respected across the organisation.

All classification actions are logged in our Data Classification Audit Log for traceability and compliance reviews.

Data Encryption

Encryption protects data in the event of theft or accidental exposure. We apply robust Data Encryption across all environments:

  • Data at Rest — Encrypted using AES-256 across databases, file systems and backups

  • Data in Transit — Secured with TLS to prevent interception

  • Data in Use — Protected through tokenisation and masking where appropriate

Encryption policies require:

  • All sensitive data must be encrypted at rest and in transit

  • Encryption keys are securely managed and rotated regularly

  • Exceptions require approval via Encryption Policy Exception Forms

Enabling Data-Driven Confidence

At Checkdone IT, data security is about more than technology — it’s about trust. By embedding DLP, DSPM, DDR, classification and encryption into our daily operations, we empower our teams to work confidently and compliantly.

With intelligent protection and continuous oversight, we make sure that wherever our data lives and however it flows, it remains safe, secure, and only in the right hands.

Avanan

Bastion 365

Barracuda

Bitdefender

Censornet

Checkpoint

Cloudflare

GFI

Ironscales

ProofPoint

Q-Feeds

RedSift

SecuMailer

Silverfort

SmartLockr