AppCheck Compliance, Governance & Due Diligence

AppCheck is committed to protecting the data of its customers, employees and other parties who entrust their personal or confidential data to us for processing. With worldwide levels of data breaches increasing, and an ever-changing compliance landscape, it is vital for AppCheck to regularly review and scrutinise its data protection practices.

AppCheck performs due diligence and pursues conformance with relevant data protection legislation via a number of means and under a number of enforced or voluntary regulatory and legislative umbrellas and accreditation schemes, as detailed below:

AppCheck Privacy Policy
AppCheck Cookie Policy
General Data Protection Regulation (GDPR)
EU-U.S. Privacy Shield Framework
Electronic Marketing & Cookies (PECR)
ISO/IEC 27001:2013 Accreditation (Information security management systems)
Security Assurance Questionnaires
UK CyberEssentials Scheme
External Assessments & Audits
Disaster Recovery & Business Continuity
ISMS & Corporate Governance

AppCheck Privacy Policy & Data Subject Rights

This document informs you of our policies regarding the collection, use and disclosure of Personal Information we receive from users of the Site.

Read the full Privacy Policy here

AppCheck Cookie Policy

This document informs you of our policies regarding the collection, use and disclosure of cookies we receive from users of the Site.

Read the full Cookie Policy here

General Data Protection Regulation (GDPR)

The General Data Protection Regulation (EU) 2016/679 (commonly known as “GDPR”) is a comprehensive European privacy law that came into effect on May 25, 2018. AppCheck welcomes this law as an important step forward in standardising data protection requirements across the European Union and as an opportunity to benchmark our existing commitments to data protection.

AppCheck is committed to providing robust and best-practice data protection measures in line with GDPR. AppCheck has taken the opportunity offered by the introduction of GDPR to ensure that existing policies, procedures and practices are aligned with GDPR requirements as well as general best practice.

EU-U.S. Privacy Shield Framework

The EU-U.S. Privacy Shield Framework was designed by the U.S. Department of Commerce and European Commission to provide companies on both sides of the Atlantic with a mechanism to comply with EU data protection requirements when transferring personal data from the European Union to the United States in support of transatlantic commerce. Additional information can be found at https://www.privacyshield.gov/welcome

AppCheck at this time has no contracted transfer agreements to transfer data to any U.S.-based company under the Framework for storage or processing.

All AppCheck customer data is processed and stored within EEA-region data centres, and AppCheck does not contract to any US-based data processors.

Electronic Marketing & Cookies (PECR)

The Privacy and Electronic Communications (EC Directive) Regulations 2003 (PECR) are a law in the United Kingdom which, amongst other things, made it unlawful to transmit an automated recorded message for direct marketing purposes via a telephone without the prior consent of the subscriber. The law implements an EU directive, the Privacy and Electronic Communications Directive 2002.

Although some portions of PECR are superseded by newer GDPR legislation, PECR remains important in establishing commitments regarding HTTP Cookie usage and Electronic Marketing in particular.

AppCheck maintains policies relating to HTTP Cookies and Electronic Marketing and ensures that its practices in this area are open, transparent, and in line with PECR legislative and regulatory requirements.

To request the full policy please email us at: marketing@appcheck-ng.com

ISO/IEC 27001:2013 Accreditation (Information security management systems)

The International Organization for Standardization 27001 Standard (ISO 27001) is an information security standard that ensures office sites, development centers, support centers and data centers are securely managed. These certifications run for 3 years (renewal audits) and have annual touch point audits (surveillance audits).

AppCheck ensures that all of its contracted data centres and cloud hosting or cloud service providers are fully compliant with ISO27001 and are formally accredited under the scheme.

Security Assurance Questionnaires

AppCheck recognises that in contractual relationships, it is necessary for customers to seek assurance from vendors such as AppCheck as to their security posture, governance structure, control landscape, accreditation status and compliance position, in order for customers to proactively manage third party and supply chain risk.

In order to proactively offer assurance in this area, in addition to these compliance statements on its website, AppCheck offers a more detailed pre-completed vendor security questionnaire, based on the Vendor Security Alliance (VSA) questionnaire template, to customers and potential customers.

The Vendor Security Alliance (VSA) is a coalition of companies committed to improving Internet security. In collaboration with the VSA, top security experts and experienced compliance officers release a yearly questionnaire that member companies use to benchmark their risk. AppCheck uses this questionnaire to qualify its security posture and compliance position and to ensure that the controls in place are documented, improving security for everyone.

See AppCheck VSA Questionnaire FAQs here

UK CyberEssentials Scheme

The UK Government’s Cyber Essentials Scheme was developed as part of the UK’s National Cyber Security Programme. This scheme is mandatory for the UK central government contracts that involve handling personal data and providing certain ICT products and services but may optionally be used to assess private companies such as AppCheck Ltd on a voluntary and proactive basis. The UK Cyber Essentials Scheme is backed by UK industry, including the Federation of Small Businesses, the CBI and a number of insurance organizations offering incentives for businesses.

The CyberEssentials scheme allows organisations to evidence that they are taking proactive and best-practice measures to protect the confidentiality, integrity and availability of data via secure configurations of desktop, server and networking equipment.

AppCheck has voluntarily elected to pursue CyberEssentials accreditation, and has contracted a third party Certification Body to audit AppCheck under the scheme.

External Assessments & Audits

AppCheck contracts penetration tests and security assessments of its public-facing and internal infrastructure and application services by suitably accredited and expert third parties using CREST-certified penetration testers. Vulnerabilities discovered during testing are reported to AppCheck, and then tracked and resolved in accordance with the AppCheck Vulnerability Management policy and industry best practice.

Additionally, AppCheck contracts QMS International Ltd to provide impartial and professional external audits of its ISMS governance and security programmes.

Disaster Recovery & Business Continuity

AppCheck maintains a Disaster Recovery plan that supports a robust business continuity strategy for key production services, systems and platforms. This plan has been developed from industry-accepted methodologies including the ISO 27000 family of standards, and encompasses principles of highly-available engineering. The Disaster Recovery plan is regularly measured against strict regulatory and governance requirements, and the company schedules regular fire drills to test the effectiveness of existing DR plans in a continuous improvement cycle.

ISMS & Corporate Governance

AppCheck has in place a robust ISMS governance structure, including an ISMS review committee, and an appointed Data Protection Officer registered with the ICO Data Protection Register.

The AppCheck ISMS review committee meets regularly to review and update organisational security practices, policies and controls and to review the threat landscape. The committee tracks risks to AppCheck in a Risk Register, and performs Risk Assessments and Data Protection Impact Assessments at the inception of new projects as needed.

Reports and minutes of ISMS review meetings are maintained.

Further Information

If you have any queries or you wish to speak to us about how your information will be used, then please contact us at AppCheck Ltd Unit 19, Pavilion Business Park, Royds Hall Road, Leeds LS12 6AJ and / or marketing@appcheck-ng.com and / or 0113 887 8380.

Any changes we may make to our policies in the future will be posted on the relevant page and, where appropriate, notified to you by email. Please check back regularly for updates.

This policy version is dated 15.10.2019