SECURITY

Technology delivered to you with security and data protection as priority.

We work to streamline VAT processes while mitigating risk and enhancing data protection.

Certified to ISO 27001 standards.

Taxback International are ISO27001 certified. This certification ensures that we handle customer data securely and in compliance with applicable regulations, including GDPR and other data protection laws.

We regularly review and update security policies, provide security training to staff, perform security testing, monitor compliance with security policies and conduct internal and external risk assessments.

ISO 27001 is the international standard which is recognized globally for managing risks to the security of information held. This certification shows our clear commitment to data management and protection.

VAT Compliance

One Secure Platform.

Our architecture is multi-tenant by design. Data filters are applied to ensure that access to data is restricted based on job role and associated access privileges.

Data in transit is encrypted using SSL certificates (TLS 1.2), meaning that unauthorized individuals will not be able to decipher your confidential information.

Taxback International use data hosting providers Interxion and AWS.

Interxion data centre facilities are ISO27001, ISO22301 certified and maintain a SOC 2 report. AWS data centre facilities are ISO27001 and maintain a SOC 2 report.

Security Incident and Event Notification

24 x 7 system monitoring is undertaken by our Security Operations Centre provider.

Taxback International has a documented and established incident management procedure with incident severity and points of escalation defined.

Data protection and deletion.

We only retain data for as long as is required under regulatory and legislative requirements. Data retention timelines are defined and procedures are in place to delete data when no longer required.

We are headquartered and registered in Ireland and subject to the General Data Protection Regulation (GDPR) (Regulation (EU) 2016/679). Technical and organisational controls are implemented and maintained as per industry best practice. These controls are externally audited on a bi-annual basis by our ISO27001 auditor.

Taxback International takes the privacy of our clients seriously and complies with all local data protection laws in the jurisdictions we operate in. Staff are reminded of their data protection obligations through regular awareness communications from the Data Protection Officer. Computer based training and testing of understanding is mandatory and completed by all staff on an annual basis.

  • Patch Management

    A risk-based approach is taken, with all critical patches installed within 7 days or less, in line with our patch management standard.

  • Regular External Audits

    A dedicated audit program is in place with several internal audits completed monthly and bi-annual external audits completed to ensure conformance of our Information Security Management System with ISO27001.

  • Penetration Testing

    Penetration testing is conducted at least annually by a third party provider. Vulnerabilities are assigned owners and tracked to remediation at our IT governance forums.

  • Vendor Management

    We have defined rules for engagement with third parties. Requirements include contracts and due diligence to ensure that services commissioned are from reputable companies that operate in accordance with all applicable industry, regulatory and legislative requirements.