We know information security is critical and we take this very seriously. Our systems are compliant with ISO 27001 controls which is globally recognised as the leading standard for information security management. GOAT Risk™ is also compliant with System and Organisation Controls Trust Service Principles (SOC TSP), Payment Card Industry Data Security Standards (PCI DSS), and Azure Centre for Internet Security (CIS) 1.1.0 controls.
Protecting your data
GOAT is hosted on Microsoft Azure’s cloud platform and benefits from knowledge, resources and suite of scanning and security tools. GOAT has implemented the added protection of using the Azure Front Door service which includes a suite of features including its Web Application Firewall (WAF) and protection against Distributed Denial of Service (DDoS). The data is stored in Microsoft’s UK data centres (UK South and UK West location). Billing details reside with and protected by 3rd party payment processing company Stripe.
Behind the systems
GOAT is a small company which means only a core team of trusted senior employees have access to the system and data. Whilst we benefit from an offshore 3rd party development partner with scalable resources, we keep them in a separate environment and they do not have access to the live system or client data. We conduct 3rd party pentration tests after major releases or annually as well as conducting our own Information Security Risk Assessment.
If you detect any suspicious activity or have any questions, please contact firstname.lastname@example.org