Security standards
At Griffin, we take the security of your data seriously. We work with third-party partners to ensure that your information is safe and protected in accordance with European Banking Authority guidelines. Here are the key points to keep in mind to comply with our security requirements:
1. General Standards
- Our partners hold recognised security certifications and attestations such as SOC 2, ISO 27001, PCI DSS, and FSQS 2.
- They conduct background checks on their employees and provide regular training on data security and UK GDPR.
- A full list of our material subcontractors is available for reference.
2. Personal Data Standards
- Your data is handled lawfully and transparently, and is used only for the purpose of providing our services.
- All data processing is governed by written contracts that set out each party's responsibilities and the protections they must provide.
3. Integrity, Confidentiality and Availability
- Data is processed only within specified geographic areas so that it remains subject to the expected legal and regulatory protections.
- Business impact assessments and continuity plans are in place to mitigate potential disruptions.
4. Data and System Security Standards
- All data is encrypted at rest and in transit.
- Access to systems is monitored and managed so that only authorised personnel can access your data. Access is granted on the principle of least privilege: each person or service receives only the permissions needed to perform its function.
- Change management procedures are in place to protect the integrity of our systems.
- Regular security testing and threat monitoring help protect your data.
5. Incident Response
- Any data security issue is reported promptly, with a detailed action plan to prevent recurrence.
- We communicate transparently about incidents, including how we plan to improve our systems.
- Any security incident involving Griffin-managed data or credentials must be reported to Griffin as soon as it is identified.
6. Customer Best Practices
- Secure Access & Encryption: Protect API access (keep credentials secret and use encrypted connections) and encrypt sensitive data.
- Input Validation & Audits: Validate all inputs, and conduct regular security audits and penetration tests.
- Compliance & Data Protection: Comply with applicable data protection regulations (e.g. GDPR, CCPA) and prioritise secure data transmission.
- Access Control & Monitoring: Implement strict access controls and monitor user activity.
- Patch and Vulnerability Management: Implement processes to identify vulnerable components within your systems and patch them in a timely manner.
By following these guidelines, together we can ensure the safety and security of your data at Griffin. If you have any questions or concerns, please don't hesitate to reach out to us at support@griffin.com.