Security and Compliance

Written By Jessica Moore (Super Administrator)

Updated at May 13th, 2026

SchemeServe is designed with security, resilience, and transparency as core principles. SchemeServe uses modern cloud infrastructure, encrypted data storage, and comprehensive auditing to ensure that client and policy data is protected and traceable.

This section outlines how SchemeServe manages data hosting, backup and recovery, access control, encryption, and system monitoring.


Data Hosting and Infrastructure

SchemeServe is hosted on Microsoft Azure infrastructure within the United Kingdom.

Online data is stored in the Azure data centre. This architecture provides resilience by ensuring that services and data are not dependent on a single physical location.

 
 

Backup and Disaster Recovery

SchemeServe maintains multiple layers of database backups to ensure that data can be recovered quickly in the event of an incident.

Key backup features include:

  • Point-in-time recovery for databases, allowing restoration to within 1 second of data loss
  • Continuous backup storage in Azure
  • Full backups stored across multiple locations

Recovery procedures are regularly tested as part of SchemeServe's business continuity process, with full database recovery verified from backup sources within four hours.

Actual downtime in a recovery scenario will depend on the specific cause and circumstances of the incident.

 
 

Audit Logs and Activity Tracking

SchemeServe includes comprehensive auditing capabilities that track system changes and user activity.

Audit logs allow administrators to review:

  • Log ins
  • Changes made to schemes, rules, insurers, and configuration
  • Updates performed by specific users
  • System events across a defined time period

Individual policies also include an activity log, which provides a timeline of actions such as:

  • Clearing referrals
  • Putting a policy on cover
  • Policy updates or administrative actions

These logs help provide accountability, transparency, and easier troubleshooting.

See: Audit Logs and Activity Tracking

 
 

Access Control and User Permissions

Access to SchemeServe is controlled using role-based user permissions.

Each user is assigned a user type, which determines what areas of SchemeServe they can access and what actions they can perform.

This structure ensures users only have access to the functions and data required for their role, helping to protect sensitive configuration and policy information.

 
 

Authentication and Account Security

SchemeServe enforces secure account authentication practices to protect user accounts.

Security measures include:

  • Password strength requirements
  • Secure login over encrypted connections
  • Multifactor authentication
  • Controlled user account creation and management

Users are responsible for maintaining the security of their login credentials and ensuring that access to accounts is restricted to authorised individuals.

See also: Password Strength

 
 

Data Encryption

All data transmitted between users and SchemeServe is protected using secure HTTPS/TLS (minimum 1.2) encryption.

In addition:

  • Database storage is encrypted both at rest and during transit.
  • Backups are also encrypted at rest and during transfer

These measures ensure that sensitive data remains protected while being stored and transmitted.

 
 

Business Continuity

SchemeServe maintains a business continuity and disaster recovery process to ensure service reliability.

This includes:

  • Redundant cloud infrastructure
  • Automated database backups
  • Tested recovery procedures
  • Support processes for responding to incidents

These controls are designed to minimise service disruption and ensure that systems can be restored quickly if required.

 
 

Infrastructure Monitoring and Incident Management

SchemeServe is continuously monitored to detect system issues and maintain service availability.

Monitoring processes allow the team to:

  • Identify infrastructure or performance issues
  • Respond quickly to potential incidents
  • Maintain platform reliability and uptime

Any incidents are handled according to internal operational procedures and support escalation processes.

 
 

Supported Browsers

For security and compatibility reasons, SchemeServe supports modern web browsers that receive regular security updates.

Using supported browsers ensures that SchemeServe benefits from the latest security patches, improved performance, and up-to-date encryption standards.

SchemeServe is compatible with most modern browsers, including:

  • Google Chrome (recommended)
  • Mozilla Firefox
  • Microsoft Edge (Chromium-based)
  • Safari (latest versions)

We strongly recommend using Google Chrome for the best performance and compatibility with SchemeServe.

Older browsers are often unstable, less secure, and more vulnerable to viruses and malware. They are also more likely to crash and may not display or process modern web applications correctly.

Important Note:
SchemeServe does not support any version of Internet Explorer (IE). While it may still function in some cases, this is not guaranteed and is not supported.

 
 

Compliance Frameworks

SchemeServe’s infrastructure and operational processes are designed to align with a number of recognised security and regulatory frameworks. These include:

  • GDPR (General Data Protection Regulation)
  • tbc

Alignment with these frameworks reflects SchemeServe’s commitment to maintaining recognised standards for security, data protection, and regulatory compliance.
 
 

Security & Quality Standards

SchemeServe's security and quality standards:

  • ISO 27001 – Information Security Management
  • ISO 9001:2015 – Quality Management
  • GDPR compliance