ISO 27001 is a global standard for security management; it specifies best practices for security management and a comprehensive set of security controls that follow the ISO 27002 best practice guidance. Effective management of rigorous security programs are required to maintain certification under this standard. The Information Security Management System (ISMS) required under this standard defines how Umbee manages security in a comprehensive and holistic way.

Umbee provides secure, compliant, high performance and managed hosting to eCommerce and retail businesses worldwide. By handling payment card data in a responsible way, we help organisations who accept, store, and/or process credit cards achieve and maintain PCI 3.0 compliance.

Our data centres in the US hold SSAE 16 SOC 1 Type II, SOC 2 Type II, SOC 3 Type II and ISAE 3402 reports. Auditing for these reports was conducted in accordance with both the Statement on Standards for Attestation Engagements No. 16 (SSAE 16) and the International Standards for Assurance Engagements No. 3402 (ISAE 3402) standards. The reports cover a wide range of financial auditing requirements for both US. and international auditing bodies.

The Data Protection Act 1998 requires organisations that process personal data to register with the Information Commissioner’s Office (ICO), unless exempt from doing so. The ICO is an independent authority, established to uphold information rights in the public interest; it promotes openness by public bodies and privacy of data for individuals.