We know you need to validate compliance to trust a cloud service provider. We work
hard to get certifications and strive to adhere to widely accepted standards and
regulations to keep you at ease. We also test our operations, environment, and controls
using independent third-party advisors and publish their reports and opinions as they
become available.
ISO 27001 - Information Security Management System
ISO 27001 is recognized as the premier information security management system
(ISMS) standard worldwide. ISO 27001 also leverages the comprehensive security
controls detailed in ISO 27002. The basis of this certification is the development and
implementation of a rigorous security management program, including the development
and implementation of an Information Security Management System (ISMS). This
widely recognized and widely respected international security standard specifies that
companies that attain certification also:
- Systematically evaluate our information security risks, taking into account the
impact of security threats and vulnerabilities
- Design and implement a comprehensive suite of information security controls to
address security risks
- Implement an overarching audit and compliance management process to ensure
that the controls meet our needs on an ongoing basis
Our Service Providers
We hold our service providers to very high standards. Data centers, co-location and
managed service providers undergo regular SOC 1, SOC 2 and/or ISO 27001 audits to
verify their practices. PayMyVAT reviews the results of these audits at least annually as
part of our vendor management program. If these audits have material
findings that we determine present risks to PayMyVAT or our customers, we work with
the service provider to understand any potential impact on customer data and track their
remediation efforts until the issue has been resolved.
Validating our Practices
Independent third-party audits
We use independent third parties to audit our practices against the most sought-after
standards and regulations in the world. These reviews occur at least annually and are
conducted by highly respected audit and security firms that are independent and
thorough in their evaluations. We take their reports very seriously and have processes
in place to address any issues that present risks to us or our customers.
External and internal application security testing
Our security team performs automated and manual application security testing and
network vulnerability testing on an ongoing basis to identify and patch potential security
vulnerabilities and bugs in our desktop, web, and mobile applications. We also work
with third-party security specialists, as well as other members of the industry security
research community.
Continuous Improvement
A critical part of any information security management program is the continual
improvement of security and compliance programs, systems, and controls. PayMyVAT
is committed to soliciting feedback from different internal teams, customers, and internal
and external auditors, and to improving our security, privacy and compliance processes
and controls over time.