AppCheck Compliance, Governance & Due Diligence

It is important to AppCheck to commit to protecting the data of its customers, employees and other parties who entrust their personal or confidential data to us for processing. With worldwide levels of data breaches increasing, and an ever-changing compliance landscape, it is vital for AppCheck to regularly review and scrutinize data protection practices.

AppCheck performs due diligence and pursues conformance with relevant data protection legislation via a number of means and under a number of enforced or voluntary regulatory and legislative umbrellas and accreditation schemes, as detailed below:

AppCheck Privacy Policy
AppCheck Cookie Policy
General Data Protection Regulation (GDPR)
EU-U.S. Privacy Shield Framework
Electronic Marketing & Cookies (PECR)
ISO/IEC 27001:2013 Accreditation (Information security management systems)
Supplier Assurance & Due Diligence
UK CyberEssentials Scheme
External Assessments & Audits
Disaster Recovery & Business Continuity
Information Commissioner’s Office (ICO) & Data Protection Officer (DPO)
ISMS & Corporate Governance

AppCheck Privacy Policy & Data Subject Rights

This document informs you of our policies regarding the collection, use and disclosure of Personal Information we receive from users of the Site.

Read the full Privacy Policy here

AppCheck Cookie Policy

This document informs you of our policies regarding the collection, use and disclosure of cookies we receive from users of the Site.

Read the full Cookie Policy here

General Data Protection Regulation (GDPR)

The General Data Protection Regulation (EU) 2016/679 (commonly known as “GDPR”) is a comprehensive European privacy law that came into effect on May 25, 2018. AppCheck welcomes this law as an important step forward in standardising data protection requirements across the European Union and as an opportunity to benchmark our existing commitments to data protection.

AppCheck is committed to providing robust and best-practice data protection measures in line with GDPR. AppCheck has taken the opportunity offered by the introduction of GDPR to ensure that existing policies, procedures and practices are aligned with GDPR requirements as well as general best practice.

EU-U.S. Privacy Shield Framework

The EU-U.S. Privacy Shield Framework was designed by the U.S. Department of Commerce and European Commission to provide companies on both sides of the Atlantic with a mechanism to comply with EU data protection requirements when transferring personal data from the European Union to the United States in support of transatlantic commerce. Additional information can be found at https://www.privacyshield.gov/welcome.

AppCheck at this time has no contracted transfer agreements to transfer data to any U.S.-based company under the Framework for storage or processing.

All AppCheck customer data is processed and stored within EEA-region data centres, and AppCheck does not contract to any US-based data processors.

Electronic Marketing & Cookies (PECR)

The Privacy and Electronic Communications (EC Directive) Regulations 2003 (PECR) is a law in the United Kingdom which made it unlawful to, amongst other things, transmit an automated recorded message for direct marketing purposes via a telephone without the prior consent of the subscriber. The law implements an EU directive, the Privacy and Electronic Communications Directive 2002.

Although some portions of PECR are superseded by newer GDPR legislation, PECR remains important in establishing commitments regarding HTTP Cookie usage and Electronic Marketing in particular.

AppCheck maintains policies relating to HTTP Cookies and Electronic Marketing and ensures that its practices in this area are open, transparent, and in line with PECR legislative and regulatory requirements.

To request the full policy please email us at: marketing@appcheck-ng.com

ISO/IEC 27001:2013 Accreditation (Information security management systems)

The International Organization for Standardization standard ISO/IEC 27001 (ISO 27001) is an information security standard that ensures office sites, development centres, support centres and data centres are securely managed. These certifications run for 3 years (renewal audits) and have annual touch-point audits (surveillance audits).

AppCheck holds ISO27001:2013 accreditation, and is assessed annually via internal and external audits. You can view our certificate here.

AppCheck additionally ensures that all of its contracted data centres and cloud hosting or cloud service providers are fully compliant with ISO27001 and are formally accredited under the scheme.

Supplier Assurance & Due Diligence

AppCheck recognises that in contractual relationships, it is necessary for customers to seek assurance from vendors such as AppCheck as to their security posture, governance structure, control landscape, accreditation status and compliance position, in order for customers to proactively manage third party and supply chain risk.

In order to offer assurance in this area beyond the general compliance statements on this website, AppCheck offers two pre-completed artefacts in the form of “security questionnaires”:

* The first is a completed Vendor Security Alliance (VSA) questionnaire, which summarises our security practices (third party risk) at a high level in all areas. The Vendor Security Alliance (VSA) is a coalition of companies committed to improving Internet security. In collaboration with the VSA, top security experts and experienced compliance officers have devised a questionnaire to benchmark supplier risk. AppCheck leverages this questionnaire to qualify its security posture and compliance position and to ensure that the controls in place are documented, improving security for everyone.

* The second is a completed Consensus Assessment Initiative Questionnaire (CAIQ) questionnaire, which provides an industry-accepted way (backed by the Cloud Security Alliance, CSA) to document what security controls AppCheck operates in specific relation to its IaaS, PaaS, and SaaS services.

To request completed copies of either questionnaire, please contact your account manager or, for prospective clients, please see our Contact Us page.

UK CyberEssentials Scheme

The UK Government’s Cyber Essentials Scheme was developed as part of the UK’s National Cyber Security Programme. This scheme is mandatory for the UK central government contracts that involve handling personal data and providing certain ICT products and services but may optionally be used to assess private companies such as AppCheck Ltd on a voluntary and proactive basis. The UK Cyber Essentials Scheme is backed by UK industry, including the Federation of Small Businesses, the CBI and a number of insurance organizations offering incentives for businesses.

The CyberEssentials scheme allows organisations to evidence that they are taking proactive and best-practice measures to protect the confidentiality, integrity and availability of data via secure configurations of desktop, server and networking equipment.

AppCheck has been accredited under the CyberEssentials scheme and CyberEssentials Plus scheme, following assessment by a third party Certification Body. You can view our CyberEssentials Plus certificate here.

External Assessments & Audits

AppCheck contracts penetration tests and security assessments of its public-facing and internal infrastructure and application services by suitably accredited and expert third parties using CREST certified penetration testers. Vulnerabilities discovered during testing are reported to AppCheck, and then tracked and resolved in accordance with the AppCheck Vulnerability Management policy and industry best practice.

Additionally, AppCheck contracts QMS International Ltd to provide impartial and professional external audits of its ISMS governance and security programmes.

Disaster Recovery & Business Continuity

AppCheck maintains a Disaster Recovery plan that supports a robust business continuity strategy for key production services, systems and platforms. This plan has been developed from industry-accepted methodologies including the ISO 27000 family of standards, and encompasses principles of highly-available engineering. The Disaster Recovery plan is regularly measured against strict regulatory and governance requirements, and the company schedules regular fire drills to test the effectiveness of existing DR plans in a continuous improvement cycle.


Information Commissioner’s Office (ICO) & Data Protection Officer (DPO)

AppCheck is registered with the ICO Data Protection Register, reference number ZA442854 (click here to view our ICO registration certificate). AppCheck has also appointed a Data Protection Officer (DPO) who is registered with the ICO and can be contacted with any data protection queries at grahamb@appcheck-ng.com.

ISMS & Corporate Governance

AppCheck has in place a robust ISMS governance structure, including an ISMS review committee that performs regular ISMS review meetings to ensure continual improvement in the operation of our established ISMS.

The AppCheck ISMS review committee meets regularly to review and update organisational security practices, policies and controls and to review the threat landscape. The committee tracks risks to AppCheck in a Risk Register, and performs Risk Assessments and Data Protection Impact Assessments at the inception of new projects as needed.

Reports and minutes of ISMS review meetings are maintained.


Further Information

If you have any queries or you wish to speak to us about how your information will be used, then please contact us at AppCheck Ltd, Unit 19, Pavilion Business Park, Royds Hall Road, Leeds LS12 6AJ, and/or marketing@appcheck-ng.com, and/or 0113 887 8380.

Any changes we may make to our policies in the future will be posted on the relevant page and, where appropriate, notified to you by email. Please check back regularly for updates.

This policy version is dated 15.10.2019