Cumplimiento y certificaciones
TeamFeePay maintains an information security programme aligned with ISO/IEC 27001, ISO/IEC 27018, and PCI DSS. Independent auditors assess our controls on a recurring basis and the latest reports are available below to authenticated parties.
Certificaciones
Atestaciones independientes de terceros frente a estándares internacionales de seguridad de la información y privacidad.
ISO/IEC 27001:2022
Information security management system standard, certified annually with surveillance audits.
ISO/IEC 27018:2019
Code of practice for protection of personally identifiable information (PII) in public clouds acting as PII processors.
PCI DSS Level 2
Payment Card Industry Data Security Standard — Level 2 service provider. Our PCI compliance is generated and maintained through our payment processor Stripe, who handle card data on our behalf so we never store, process or transmit cardholder data directly.
Cumplimiento normativo
Regímenes legales bajo los que operamos en el Reino Unido. Cada entrada describe la ley y cómo cumplimos con ella.
UK GDPR
UK General Data Protection Regulation
The UK's primary data protection regime for personal data — the retained EU GDPR as it forms part of UK law, read alongside the Data Protection Act 2018.
DPA 2018
Data Protection Act 2018
The UK statute that supplements the UK GDPR, applies the regime to processing outside its scope, and sets out exemptions, offences and the ICO's powers.
PECR
Privacy and Electronic Communications (EC Directive) Regulations 2003
The UK rules governing cookies, similar tracking technologies, and direct electronic marketing — sitting alongside the UK GDPR.
CMA 1990
Computer Misuse Act 1990
The UK's principal cybercrime statute, criminalising unauthorised access, unauthorised modification and the supply of tools intended for offences against computer systems.
Informes y documentos
El material público está disponible de inmediato. Los informes confidenciales se entregan tras una breve aceptación del NDA.
Descargas abiertas
Backup Policy
How we back customer data up, how often, where backups are stored, and how restore procedures are tested.
ISMS Scope
Defines what is in scope of our ISO/IEC 27001 ISMS — the products, the people, the locations and the infrastructure.
Information Classification Policy
How we classify information and what handling, storage and transmission controls apply at each classification level.
Information Security Policy
Executive-level statement of how we manage information security, the objectives we hold ourselves to, and the controls we operate.
Descargas con NDA
Access Control Policy
Rules governing access to systems, equipment, facilities and information — role profiles, joiner/mover/leaver, privileged access and review cycles.
Change Process
How changes to production systems are proposed, reviewed, approved, deployed and rolled back.
Communications Policy
Internal and external communication channels, escalation paths, and how regulatory bodies and customers are kept informed.
Disposal & Destruction Policy
Secure disposal of media, devices and printed material — including standards followed and evidence retained.
HR Security Policy
Pre-employment screening, onboarding, security awareness training, role changes and termination procedures.
Incident Management Process
How we detect, triage, contain, recover from and learn from security incidents — including customer notification SLAs.
Information Security Encryption Policy
Standards for data at rest and in transit, key management, certificate handling and cryptographic algorithm allow-list.
Physical & Environmental Security Policy
Controls protecting our offices, equipment and supporting infrastructure from physical and environmental threats.
Procedure for Document Control
How ISMS documentation is authored, reviewed, approved, version-controlled and retired.
Risk Assessment & Risk Treatment Methodology
The methodology used to identify, assess, treat and accept information security risk across the organisation.
Secure Development Policy
Secure SDLC practices — threat modelling, code review, dependency scanning, secrets handling and pre-release security gates.
Supplier Policy
How we evaluate, onboard, manage and offboard suppliers, including cloud service providers and sub-processors.
Vulnerability Management Policy
How vulnerabilities are identified (scanning, pentests, intelligence feeds), prioritised, remediated and verified.
Controls Register
Operational view of every implemented control: owner, frequency, last review, next review and supporting evidence.
ISO 27001 Statement of Applicability
Per-control mapping of all 93 ISO/IEC 27001:2022 Annex A controls — inclusion decision, justification, implementation and evidence.
Legal, Contractual & Regulatory Requirements
Register of the laws, regulations and contractual obligations the ISMS is designed to satisfy — UK GDPR, PCI DSS, and others.