Our Policy

Security is at the core of everything we do

Our Policy (2018-11-14T15:25:05+00:00)

Taxback International is ISO 9001 and ISO 27001 Certified

Taxback International has invested extensively in protecting your data, including Personally Identifiable Information (PII), from data in motion and data at rest to data in use, with the best architecture and processes in line with the strictest industry standards (ISO 27001 and GDPR compliance).

Communication Security (Data in Motion)

  • Transport Layer Security (TLS 1.2) encryption for all users and on all external communication channels; all data is classified from the first connection
  • All internal communication channels are secured via an IPsec VPN site-to-site tunnel
  • As easy to opt in as it is to opt out

Data Security (Data at Rest)

  • Standard 256-bit encryption for file storage
  • Encryption at rest: full archive area with a secure deletion process and database encryption
  • Sensitive vs. non-sensitive: all data is classified and encrypted at each level of communication
  • No personal/sensitive information stored in public-facing services

Architectural Security (Data in Use)

  • Data protection by default and by design: no-access-by-default principles across technology
  • Segregated three-tier secure architecture
  • Segregated application architecture; operations systems are LAN accessible only
  • Firewall-segregated LAN, WAN and DMZ

Process Security (Security by Design)

  • Software-automated data retention policy and secure deletion
  • ISO 27001 Certified (accredited through Certification Europe)
  • Data Protection Officer and IS Champions embedded within Taxback International
  • 24/7 data breach notification policy and escalation procedures built into standard operating procedures

Security at the Core of Technology and Practices

Communication Security

"Our standards are on par with banking standards"

  • Only best-in-market, proven, certified data encryption processes
  • All data is classified and coded from the first connection, which is important for protecting data, particularly sensitive PII
  • Each packet of data received is separately encrypted during a communication session as it moves from public to private domains

Data Security

"Defense in Depth Strategy is our policy"

  • Application of multiple security measures at database and field level
  • Proactive encryption added to data at rest and an inbuilt deletion-protection area
  • Our data is never stored in cloud-based/public-domain locations

Architectural Security

"3-Tiered Architecture designed to control access/risks"

  • Segregation of applications and systems with firewall protection enhances our security
  • Employee access aligned to role and controlled by design and structure
  • Segregated application architecture; operations systems are LAN accessible only

Process Security

"Security every day, 24/7"

  • Security at the core of Technology, People and Processes
  • Retention of data only as per VAT/Tax scope, with a clear deletion policy for all other data
  • Active practice of ISO 27001 policies and principles every day

Looking for more information on our policy?

Get in touch