Security & Compliance
A Trusted, Reliable And Responsible Hosting Partner.
As a responsible hosting provider and cloud services operator, Memset considers our customers’ trust to be of the highest value. To this end, responsibility for management of trust-impacting activities is held at the highest levels.
We maintain strict security and compliance controls, a cycle of regular internal and third party validation throughout the year and a general policy of ‘transparency first’ towards our interactions with customers.
Memset maintains an extensive policy and control set to manage the security, privacy, quality and environmental impact of our operations and services. An overarching integrated Compliance Management System is supported by an ISO27001:2013 accredited ISMS, ISO14001:2105 EMS and an ISO9001:2015 QMS. Additional PSN CoCo and PCI-DSS Merchant and Service Provider controls over and above ISO27001 requirements are managed from within these standards.
Process conformance and process improvement are managed by a team of qualified internal and external auditors and subject to a continual program of audits over an annual period.
Governance & Risk Management
As a responsible hosting provider, we have taken steps to ensure that security and compliance are resourced in a continuing, sustainable and appropriate manner. Accountability for these vital functions is sufficiently senior and provided with a mandate to allow for reporting, escalation and resolution of problems in any area of the business. The Head of Compliance and Head of Security & Internal IT respectively hold seats on the Operations Board, reporting to the Chief Operating Officer.
In addition to dedicated compliance and security teams, a number of personnel throughout the business maintain formal internal audit training and qualifications to assist our governance programme with expert insight.
Memset are committed to protecting the privacy of our customers’ data. We maintain significant internal expertise on this topic and are a member of industry data protection and privacy-related groups in order to keep abreast of this rapidly changing area of legislation.
Memset are committed to ongoing GDPR compliance and you can learn more about our efforts here.
Logical Security Controls
Memset has continually evolving controls in place to reduce the risk of cybersecurity attack on our networks, infrastructure and personnel and to protect our customers from risk of compromise via our systems.
Tools include intrusion detection systems, strong network security and audit controls, privileged user access control systems to manage our system administrator access to customer solutions and regular security testing.
Physical Security Controls
Memset’s data centres maintain a standard baseline of strong physical security requirements aligned to most commercial security standards including ISO27001:2013, PCI-DSS v3.2, PSN CoCo and the requirements of data marked OFFICIAL.
Individual data centres exceed these requirements, including Class 3 strong-room construction for data centre skins, ANPR vehicle entry controls and door composition or the use of vibration sensors.
Memset encourages responsible disclosure and feedback from the community regarding the security of our systems. If you believe that you have discovered a vulnerability on our systems please see our vulnerability disclosure for how to report it to us.