Compliance Management
Memset maintains an extensive policy set to manage the security, privacy, quality and environmental posture of our operations and services. An overarching integrated Compliance Management System is supported by a suite of and industry-specific accreditations.
Process conformance and process improvement are managed by a team of qualified internal auditors and are subject to a continual program of audits over an annual period. We also maintain a cycle of regular third-party audits and validation throughout the year.
Governance & Risk Management
Separate Heads of Operational Security and Governance Risk and Compliance maintain accountability and ensure checks and balances, and are provided with a mandate to allow for reporting, escalation and resolution of problems in any area of the business. The Head of Compliance and Head of Security respectively hold seats on the Operations Board, reporting to the Chief Operating Officer.
In addition to dedicated compliance and security teams, personnel throughout the business maintain formal internal audit training and qualifications to assist our governance programme with expert insight.
Privacy Commitment
We are committed to protecting the privacy of our customers' data. We maintain significant internal expertise on this topic and are a member of industry data protection and privacy-related groups in order to keep abreast of this rapidly changing area of legislation.
We are further committed both to ongoing GDPR compliance and to helping our customers with their GDPR compliance efforts.
Logical Security Controls
We continually evolve our logical security controls to manage the risk of cybersecurity attacks on our networks, infrastructure and personnel as well as protecting our customers from risk of compromise via our systems.
Tools include intrusion detection systems, strong network security and audit controls, privileged user access control systems and regular vulnerability assessment and security testing.
Physical Security Controls
Memset’s data centres maintain a standard baseline of strong physical security requirements aligned to most commercial security standards including ISO27001:2013, PCI-DSS v3.2, PSN CoCo and the requirements of data marked OFFICIAL.
Individual data centres exceed these requirements, including Class 3 strong-room construction for data centre skins and door composition, ANPR vehicle entry controls and door composition or the use of vibration sensors.
Responsible Disclosure
Memset encourages responsible disclosure and feedback from the community regarding the security of our systems. If you believe that you have discovered a vulnerability on our systems please see our vulnerability disclosure page for how to report it to us.