At Soldo, we take security seriously.
We use a ‘security by design’ approach, following international standards and security best practices, and continuously working to deliver secure products.
To maintain a high degree of protection, Soldo recognises the importance of being continuously audited according to the most rigorous standards available. As such, Soldo is compliant with:
The Payment Card Industry Data Security Standard, or PCI DSS for short, is a data security standard developed by the principal payment card networks (MasterCard, Visa, American Express, Discover, JCB) to ensure the security of cardholder data and of the network and systems that host it.
Soldo Software Ltd., which provides the group’s software services to all customers, has been annually accredited as a Level 1 Service Provider by the PCI Council, complying with the highest data security standards, since 2017.
In order to be certified, Soldo goes through yearly assessments by external parties, including 4 internal and 4 external vulnerability assessments every quarter, 2 internal and 2 external penetration tests every semester and an audit by an external Qualified Security Assessor (QSA). The payment card networks review the results of those assessments and maintain the list of compliant organisations.
ISO/IEC 27001 is the international standard for managing information security, which sets out the specifications for an Information Security Management System (ISMS). Adhering to the standard implies being aligned with globally recognised information security best practices in terms of people, processes and technology. Obtaining a certification requires an audit by an external assessor. Providing proof of regular penetration testing and associated procedures is a pre-condition for the successful completion of the audit.
Soldo’s ISO/IEC 27001 annual certifications since 2019 demonstrate that all of the companies belonging to the group have been committed to implementing and maintaining an Information Security Management System that complies with the highest international standard.
ISO/IEC 9001 is an international standard for quality management within an organisation. This standard is based on a number of quality management principles including a strong customer focus, the motivation and implication of top management, the process approach and continual improvement. Using ISO 9001 helps ensure that customers get consistent, high-quality products and services.
Soldo Technology’s ISO/IEC 9001 certifications since 2019 demonstrate that the group’s quality management system complies with the highest international standard.
Cyber Essentials is a UK government-backed and industry-supported scheme that helps businesses protect themselves against common online threats.
Soldo Software Ltd. and Soldo Financial Services Ltd. have both obtained the Cyber Essentials Plus Certification, which is the highest level of certification offered under the scheme and involves an audit by an external assessor carrying out vulnerability tests to ensure the organisations are protected against basic hacking and phishing attacks.
Soldo is part of the G-Cloud framework, the UK government’s supplier agreement for cloud computing services for the public sector. The group was part of the G-Cloud 12 framework and has also been accepted for the G-Cloud 13 framework in 2022.
To implement our mission statement, we have developed and maintain an integrated quality and information security management system in accordance with the ISO 9001 (Soldo Technology Division) and ISO 27001 standards.
As part of our policy for quality and information security, Soldo is committed to: