AppCheck Compliance, Governance & Due Diligence
It is important to AppCheck to commit to protecting the data of its customers, employees and other parties who entrust their personal or confidential data to us for processing. With worldwide levels of data breaches increasing, and an ever-changing compliance landscape, it is vital for AppCheck to regularly review and scrutinize data protection practices.
AppCheck performs due diligence and pursues conformance with relevant data protection legislation via a number of means and under a number of enforced or voluntary regulatory and legislative umbrellas and accreditation schemes, as detailed below:
This document informs you of our policies regarding the collection, use and disclosure of Personal Information we receive from users of the Site.
This document informs you of our policies regarding the collection, use and disclosure of cookies we receive from users of the Site.
General Data Protection Regulation (GDPR)
The General Data Protection Regulation (EU) 2016/679 (commonly known as “GDPR”) is a comprehensive European privacy law that came into effect on May 25, 2018. AppCheck welcomes this law as an important step forward in standardising data protection requirements across the European Union and as an opportunity to benchmark our existing commitments to data protection.
AppCheck is committed to providing robust and best-practice data protection measures in line with GDPR. AppCheck has taken the opportunity offered by the introduction of GDPR to ensure that existing policies, procedures and practices are aligned with GDPR requirements as well as general best practice.
UK-Based Hosting, Data Storage & Processing
AppCheck makes use of exclusively UK-based onshore data storage facilities for all customer data. It also selects for exclusively UK-based availability zones, regions and environments for all cloud-based storage.
Furthermore, AppCheck at this time has no contracted transfer or sub-processing agreements in place to transfer data to any company outside of the United Kingdom.
Electronic Marketing & Cookies (PECR)
The Privacy and Electronic Communications (EC Directive) Regulations 2003 is a law in the United Kingdom which made it unlawful to, amongst other things, transmit an automated recorded message for direct marketing purposes via a telephone, without prior consent of the subscriber. The law implements an EU directive, the Privacy and Electronic Communications Directive 2002.
Although some portions of PECR are superseded by newer GDPR legislation, PECR remains important in establishing commitments regarding HTTP Cookie usage and Electronic Marketing in particular.
AppCheck maintains policies relating to HTTP Cookies and Electronic Marketing and ensures that its practices in this area are open, transparent, and in line with PECR legislative and regulatory requirements.
To request the full policy please email us at: firstname.lastname@example.org
ISO/IEC 27001:2013 Accreditation (Information security management systems)
The International Organization for Standardization 27001 Standard (ISO 27001) is an information security standard that ensures office sites, development centers, support centers and data centers are securely managed. These certifications run for 3 years (renewal audits) and have annual touch point audits (surveillance audits).
AppCheck holds ISO27001:2013 accreditation, and is assessed annually via internal and external audits. You can view our certificate here.
AppCheck additionally ensures that all of its contracted data centres and cloud hosting or cloud service providers are fully compliant with ISO27001 and are formally accredited under the scheme.
Supplier Assurance & Due Diligence
AppCheck recognises that in contractual relationships, it is necessary for customers to seek assurance from vendors such as AppCheck as to their security posture, governance structure, control landscape, accreditation status and compliance position, in order for customers to proactively manage third party and supply chain risk.
In order to offer assurance in this area beyond the general compliance statements on this website, AppCheck offers two pre-completed artefacts in the form of “security questionnaires”:
* The first is a completed Vendor Security Alliance (VSA) questionnaire, which summarises our security practices (third-party risk) at a high level in all areas. The Vendor Security Alliance (VSA) is a coalition of companies committed to improving Internet security. In collaboration with the VSA, top security experts and experienced compliance officers have devised a questionnaire to benchmark supplier risk. AppCheck uses this questionnaire to qualify its security posture and compliance position and to ensure that the controls in place are documented, improving security for everyone.
* The second is a completed Consensus Assessment Initiative Questionnaire (CAIQ) questionnaire, which provides an industry-accepted way (backed by the Cloud Security Alliance, CSA) to document what security controls AppCheck operates in specific relation to its IaaS, PaaS, and SaaS services.
To request completed copies of either questionnaire, please contact your account manager or, for prospective clients, please see our Contact Us page.
External Assessments & Audits
AppCheck contracts penetration tests and security assessments of its public-facing and internal infrastructure and application services by suitably accredited and expert third parties using CREST-certified penetration testers. Vulnerabilities discovered during testing are reported to AppCheck, and then tracked and resolved in accordance with the AppCheck Vulnerability Management policy and industry best practice.
Additionally, AppCheck contracts QMS International Ltd to provide impartial and professional external audits of its ISMS governance and security programmes.
Disaster Recovery & Business Continuity
AppCheck maintains a Disaster Recovery plan that supports a robust business continuity strategy for key production services, systems and platforms. This plan has been developed from industry-accepted methodologies including the ISO27000 series of standards, and encompasses principles of highly-available engineering. The Disaster Recovery plan is regularly measured against strict regulatory and governance requirements, and the company schedules regular fire drills to test the effectiveness of existing DR plans in a continuous improvement cycle.
ISO/IEC 9000:2015 (Quality Management Systems)
The International Organization for Standardization 9001 Standard (ISO 9001) is an international standard based on a number of quality management principles aimed at ensuring that businesses are duly diligent in ensuring the quality of their conducted processes, and in the quality of their offered products and services. It includes best practice recommendations aimed at ensuring a strong customer focus, the motivation and involvement of top management, utilising a process-led approach and committing to continual service and process improvement.
AppCheck has not yet been formally accredited against ISO9001:2015, but maintains an internal Quality Management policy that is based upon and aligned with the ISO9001 framework, to ensure a continual and ongoing focus on quality throughout the business. AppCheck may choose to pursue formal accreditation against the standard in the future.
Information Commissioner’s Office (ICO) & Data Protection Officer (DPO)
AppCheck is registered with the ICO Data Protection Register, reference number ZA442854 (click here to view our ICO registration certificate). AppCheck has also appointed a Data Protection Officer (DPO) who is registered with the ICO and can be contacted with any data protection queries at email@example.com.
ISMS & Corporate Governance
AppCheck has in place a robust ISMS governance structure, including an ISMS review committee that performs regular ISMS review meetings to ensure continual improvement in the operation of our established ISMS.
The AppCheck ISMS review committee meets regularly to review and update organisational security practices, policies and controls and to review the threat landscape. The committee tracks risks to AppCheck in a Risk Register, and performs Risk Assessments and Data Protection Impact Assessments at the inception of new projects as needed.
Reports and minutes of ISMS review meetings are maintained.
If you have any queries or you wish to speak to us about how your information will be used, then please contact us at AppCheck Ltd Unit 19, Pavilion Business Park, Royds Hall Road, Leeds LS12 6AJ and / or firstname.lastname@example.org and / or 0113 887 8380.
Any changes we may make to our policies in the future will be posted on the relevant page and, where appropriate, notified to you by email. Please check back regularly for updates.
This policy version is dated 09.12.2020