Information Security is our most important task
The security of employee data is our single highest priority. We invest heavily in people, processes and have been through some of the toughest tests and accreditations by government and corporate clients.
Below, we'll share some key points at a glance. For more on Security as a Reward Gateway client, please visit our dedicated Trust Centre.
Reward Gateway (UK) Ltd. was the first benefits provider to achieve certification to ISO 27001 standard for its Information Security Management System.
We have a dedicated, in-house information security team who have relevant qualifications, such as Certified Information Systems Security Professional (CISSP), and are approved Payment Card Industry (PCI) Internal Security Assessors (ISA).
We commission annual penetration tests from an independent third-party on our applications and infrastructure. The latest results can found in our full security pack.
We continuously monitor for cyber threats and vulnerabilities, and are subscribed to Government information sharing forums.
We maintain a comprehensive insurance policy and have a specialist incident response firm on 24/7 retainer to cover any eventualities.
We are registered with the Information Commissioner’s Office, and we are fully compliant with the Data Protection Act 2018.
We use Microsoft’s Secure Development Lifecycle as the basis for our software development process and provide our team training on the OWASP Top 10.
We are compliant with the PCI Data Security Standard (PCI DSS) and have partnered with Checkout.com, to fulfil all of our payment card processing needs.
We host the solution on Amazon Web Services (AWS), a cloud hosting service meeting multiple security standards, including ISO 27001:2013
Our system status is published at rg.co/status and we contractually guarantee a 99.9% service up-time over a rolling 12 month period.