Insights CharityeCommerce

Keeping Your Information Secure Through Elovate’s Vigilant Data Protection Practices

Data breaches can have significant consequences for individuals and organisations alike, these include:

  • Financial losses: Dealing with a breach requires significant financial resources. Costs include incident response, legal fees, customer notifications, and potential fines.
  • Operational disruption: Breaches disrupt normal business operations, affecting productivity and efficiency.
  • Reputation damage: Public awareness of a breach can harm a company’s reputation, eroding trust among customers, partners, and investors.
  • Legal and regulatory challenges: Companies may face lawsuits, regulatory investigations, and penalties.
  • Loss of customer confidence: Customers may abandon the company due to privacy concerns.

Clients of Elovate can be assured that we go above and beyond to ensure that your customer and supporter data is secure – whether that’s personal information, such as names and addresses, or financial data, such as credit card details.  

We have demonstrated our commitment by implementing various security controls and measures to safeguard our assets, internal data, and client data. Below, we outline the main accreditations that we’re proud to be awarded and explain what the main differences are.

Our accreditations: ISO/IEC 27001:2017

Elovate achieves ISO/IES 27001:17 security certification for the contact centre, web-based order fulfilment solution, and various services including response management, warehouse, and distribution of products including medical products for clients across the UK.

Our compliance with ISO certification is certified by the British Assessment Bureau. It offers United Kingdom Accreditation Service (UKAS) certification, and it is the only government-backed body for ISO certification in the United Kingdom. 

ISO/IEC 27001 is a security standard that formally specifies an Information Security Management System (ISMS) that is intended to bring information security under explicit management control. As a formal specification, it mandates requirements that define how to implement, monitor, maintain, and continually improve the ISMS. It also prescribes a set of best practices that include documentation requirements, divisions of responsibility, availability, access control, security, auditing, and corrective and preventive measures.

Our accreditations: ISO 9001:2015

ISO 9001 is a globally-recognised standard for quality management. It helps organisations of all sizes and sectors to improve their performance, meet customer expectations, and demonstrate their commitment to quality. Its requirements define how to establish, implement, maintain, and continually improve a quality management system (QMS). Implementing ISO 9001 means an organisation effective processes and trained staff in place to deliver flawless products or services time after time.

Elovate achieved our first ISO 9001 certification in 2011, and we continue to comply with all the requirements mentioned in the standard. Currently, ISO 9001 certification scope includes a contact centre, web-based order fulfilment solution, and various services including response management, warehouse, and distribution of products and medical products for clients across the UK.

As with the above ISO/IES 27001:17, our compliance is certified by the British Assessment Bureau with UKAS certification. 

Our accreditations: PCI: DSS v3.2.1

The Payment Card Industry Data Security Standard (PCI DSS) is a set of security standards designed to ensure that companies that accept, process, store, or transmit credit card or debit card information, maintain a secure environment. It helps to protect the cardholder data that your customers and donors share with us during payment and reduces the risk of payment card fraud by increasing security controls around cardholder data.

Cardholder security is a top priority for Elovate. External QSA (Qualified Security Assessors) from leading cyber security consultancy, Security Risk Management (SRM), have assessed our card processes and we are proud to be a PCI-compliant payment processor that invests in tools and technology to protect cardholder data.

Our commitment to safeguarding data

At Elovate, we take information security and data privacy extremely seriously. By complying with the PCI DSS standard, we demonstrate our commitment to safeguarding our customers’ credit card data. These measures protect against theft and fraudulent use on the internet. Furthermore, Elovate ensures the security of sensitive data and personal information, helping prevent credit card misuse and costly data breaches.

Additionally, by achieving ISO security standards, Elovate has established a structured approach to handling client data stored in our systems. This baseline increases trust between Elovate and our clients, assuring all of our stakeholders that their personal information is safe from malicious hackers.

If you have any questions about our commitment to data security, please contact us today.

Back to Stories