We utilise triple layer security. The data is held securely online in Microsoft’s data centres. It is backed up to multiple locations, all with 24 hour monitored physical security. The data access has encrypted security codes. In addition each CORS user has their own password known only to them (even CORS staff cannot see this). We monitor every system that attempts to access the database, so we can track unauthorised attempts to access the data. The data is held entirely online, not locally on your systems, meaning it is never at risk should there be theft of your computer equipment or unauthorised access to your computer systems.
Of course it is important that your organisation has its own data security protocols that meet the latest data protection legislation and ensures that staff follow their own risk management strategies e.g. not leaving laptops or PCs logged in when unattended, not sharing passwords etc.