An overview of compliance at Data Zoo
Data Zoo is a progressive company committed to setting the benchmark and ultimate standard in electronic ID verification solutions. Our clients’ trust and their customers’ privacy underpin the approach we take to information security. We have designed, developed, and implemented industry best practices, as well as comprehensive information security controls which ensure that all sensitive data that passes through our systems is secured appropriately. Data Zoo takes cyber security seriously and undertakes regular and independent vulnerability and penetration testing that simulates both passive and active targeted attacks.
The overall data management process of Data Zoo includes auditing all our data suppliers’ collection practices, data quality, and end user compliance obligations – this is conducted in alignment with individual country privacy legislation and regulations, and applicable GDPR controls, to guarantee the appropriate storage and use of all data within our systems.
Data Zoo is ISO 27001:2013 certified, adheres to relevant GDPR controls, and is currently working towards SOC 2 and SOC 2+ certifications.
Version 005 (Updated 30th October 2019)
Data Zoo has a serious obligation to fulfil its Information Security, Code of Conduct, Operational and Physical Security, Anti-Bribery and Corruption, and Data Life Cycle Management requirements. Please see the link below to access our full Security Policy covering these and other important aspects of the Data Zoo approach to security.
As of the 25th of May 2018, the EU General Data Protection Regulation (GDPR) reinforces the data subject’s rights regarding their personal data and seeks to merge individual data protection laws across Europe.
GDPR enforces stringent requirements on the companies that are managing personally identifiable information (PII), including images of government-issued IDs, biometric information and other sensitive information. To learn more about GDPR, please see the official information portal at https://eugdpr.org/.
We take our duties under GDPR seriously and ensure that Data Zoo’s identity ecosystems adhere to the relevant controls. Data Zoo is committed to protecting individuals’ personal information in every sense, and welcomes the GDPR with open arms. We are revising and appraising all our internal processes, procedures, data systems and documentation in order to ensure that our company complies with GDPR.
For more information on how Data Zoo addresses GDPR compliance with regard to specific controls, please contact [email protected] or, if you’re an existing customer, get in touch with your customer service representative via email or phone.
ISO 27001 Certification
Data Zoo’s Information Security Management System (ISMS) is certified against the ISO/IEC 27001:2013 international standard for information security management. Our certification scope covers Data Zoo’s corporate operations, hosted IDU platform, databases and BCP.
Data Zoo is proud to have achieved ISO 27001:2013 certification, an internationally recognised certification for establishing, implementing, maintaining and continually improving an information security management system within the context of the organization.
Appropriate internal compliance audits are conducted on a quarterly basis, with regular surveillance audits conducted by a certified external industry professional to ensure the integrity of the certification. As per our ISO 27001:2013 compliance, we conduct regular staff training on appropriate information security practices, physical security and privacy policies. We have implemented stringent controls to protect our ISMS, and our staff hold the privacy and security of our customers in the highest regard.
Employee Due Diligence & Code of Conduct
Data Zoo will conduct background, sanctions and criminal checks on all team members prior to employment and engagement. Employees are required to sign and acknowledge their information security responsibilities before starting with Data Zoo and again when subsequent policy changes are made.
It is required that all staff attend annual information security awareness training.
The Data Zoo HR policy is classified as “Company Confidential” according to the information classification policy. This information can be shared only to the extent necessary to effectuate the transaction and only insofar as is consistent with Data Zoo’s obligation to serve the client’s interests.