Maytech Public Documentation

Do you have any relevant certifications in relation to Information Security Standards that are held by your organisation (such as ISO 27001, PCI DSS, etc.)?

Yes. Maytech's Information Security Management Systems are ISO 27001 certified. Our certificate number is 10009780 and the certificate is available on request.

Maytech’s products are PCI-DSS compliant and our annual PCI-DSS SAQ (level D) and Attestation of Compliance are available on request.  

Maytech’s services are also GDPR and HIPAA compliant.

Have your information security controls been assessed by an external auditor or certification body? If so, please describe and provide their findings. 


Yes. Maytech are audited twice a year by Lloyd's Register Quality Assurance — one of the leading business assurance providers in the world.

Can you fully disclose the scope under which Information Security was achieved?

Scope of Applicability: Information Security relating to the design, development, support and provisioning of Maytech’s SaaS hosted services. Statement of applicability version 1 can be provided upon Customer's request.




What functions exist in your locations?

Head Office (Finance and Administration functions) is in the United Kingdom: London, 4th Floor, St Magnus House, 3 Lower Thames Street, EC3R 6HE. The Operations centre (Development, System Administration, Sales, Marketing, Support and HR functions) is in Ukraine: Lviv, Symona Petliury St, 37.

Do you have the independently conducted third-party security control assessment, such as SOC 2/SOC 1 reports?



Yes, for data centres. Maytech do not have a SOC 2 report. Our information security management systems are instead ISO 27001 certified, and audited twice a year by Lloyd's Register Quality Assurance, one of the leading global business assurance providers.


The criteria / controls required by the two standards were developed to mitigate similar risks and there is considerable overlap in the criteria defined in the Trust Service Principles of SOC 2 and the controls defined in Annex A of ISO 27001.


Both standards provide independent assurance that the necessary controls are in place. Whereas ISO 27001 is an international standard with its origin in a British standard, SOC 2 is created and governed by the American Institute of Certified Public Accountants (AICPA).

Is your service suitable for Government data?


Maytech’s government service and associated infrastructure is dedicated to public sector customers and is accessible from the internet. It is suitable for UK public sector customers with data sensitivity levels up to OFFICIAL and including OFFICIAL SENSITIVE. These categories represent up to 85% of data created or processed by the UK public sector.

Maytech is a registered G-Cloud supplier (Service ID no: 110486484775596) and further information can be found on the UK government Digital Marketplace.

When were written security policies last updated?

Policies are reviewed during monthly ISMS management meetings and updated regularly, as necessitated or identified within review / training, as part of Maytech's Continual Improvement program.

Do you have a documented information security policy or program? If YES, what is covered by written information security policies?

Yes, ISMS 01. This document provides a policy and framework of the main requirements of ISO 27001 that Maytech adheres to, in order to ensure that the company remains compliant. Our ISMS documentation includes regulatory obligations, all potential risk factors, policy & procedures, internal checking methods, recording, analysis and review which determines a proposed action.

Do you store or process any personal information?


If the system stores or processes personal data, please confirm that you have the capability to carry out the following:

  1. Retrieval of a data subject’s data (Subject Access Request)

  2. Rectification of a data subject’s records

  3. Erasure, or part-erasure, of a data subject’s records (where this is permissible under contract)

  4. Restriction of data processing

  5. Provide personal data in a form that can be moved / copied / transferred (data portability)



Maytech offer secure, compliant, simple cloud file sharing and data storage of Customer’s electronic files.  Customers at all times are in control of their data. Further details can be found on Maytech’s Guide to GDPR Compliant File Sharing page.

Does data belong to the Customer at all times?

Yes.