Data Security & Compliance Protections
Updated November 10, 2023
Terms & Policies
Introduction
Teamgo is committed to delivering and maintaining reliable, robust and secure information and information processing facilities for delivering our customer services.
At the core of our security policies we strive to ensure the confidentiality, utmost integrity and availability of the services and applications provided, information entrusted to us by our customers and business partners, as well as our own information.
To accomplish this, we have deployed an information security management system (‘ISMS’) compliant with the ISO/IEC 27001 information security standard to meet this policy and demonstrate Teamgo’s ongoing commitment to the security and privacy of the information and services entrusted to Teamgo.
This policy applies to all team members, visitors, and contractors of Teamgo, together with any third parties providing services to Teamgo so we may perform our entrusted duties.
Our Commitment
To realise our core security policy, Teamgo is committed to the following objectives:
- Maintaining compliance with all policy, legal, regulatory, and contractual requirements in our regions of operation.
- Monitoring systems and investigating detected security breaches and weaknesses.
- Protecting our customers confidentiality and of the information they provide us.
- Ensuring we promote and maintain a security-centric culture within the Teamgo organisation and our belief that must understand they are responsible and accountable for the protection of the information we collect.
- Operating the Teamgo ISMS in accordance with ISO/IEC 27001 information security standard to provide mechanisms for the ongoing and progressive improvement of information security and risk management practices of Teamgo.
- Allocating responsibilities and providing resources to ensure a structured and consistent approach to managing the security of information.
- Maintain the availability of information and systems necessary to deliver our core business functions.
- Maintain industry leading, globally aligned, robust risk management practices.
Teamgo’s Compliance Standards
International Organisation for Standards (ISO)
ISO 27001 is a specification for an information security management system (ISMS) as defined by the International Organization for Standardization (ISO). This is a framework of policies and procedures that includes all legal, physical and technical controls involved in an organisation’s information risk management processes.
Simply put, it ensures that an organisation strictly controls all aspects of information security.
Teamgo Pty Limited is currently undergoing audits for it’s 2022 accreditation.
Teamgo employs providers that enable us to deliver our services within their framework guidelines. At this time we are able to extend the compliance encompassing their framework practices to our customers
EU and EEA General Data Protection Regulations (GDPR)
The General Data Protection Regulation (“GDPR”) is a set of regulations, enacted in the European Union and designed to coordinate data privacy laws and strengthen privacy protections for EU residents. In addition to all organisations within the EU, the GDPR also applies to organisations in other countries that provide goods or services to residents within those regions.
Teamgo and GDPR Compliance
Teamgo’s services comply with the GDPR. In accordance to the regulation, there are various roles for companies based on how a company engages with user data. Teamgo is considered a data processor because we process personal data for of our customers, who are deemed data controllers.
As a data processor we comply with the GDPR by:
- Disclosing how we process personal data in our privacy policies
- Confirming that the partners, affiliates and vendors we work with also adhere to the GDPR
- Anonymising customer data upon their request and providing the tools for them to do so themselves
- Entering into data processing agreements with our customers, partners, affiliates and vendors that establish our respective rights and obligations regarding the use and protection of Teamgo’s customers data
Teamgo’s Data Processing Addendum (“DPA”) is available online at this link.
How does Teamgo meet the requirement for transferring EU & EEA data into Australia?
For transfers of data from the EU, Teamgo employs the most recent Standard Contractual Clauses (SCCs) released by the European Commission. Teamgo’s DPA incorporates these mechanisms, and we leverage this DPA with customers that have EU locations to ensure transfers of personal data comply with data protection laws.
California Consumer Privacy Act (CCPA)
The California Consumer Privacy Act (“CCPA”) offers California residents additional control over personal information that businesses collect. For-profit businesses operating in California who exceed a certain size, or who collect a significant amount of personal information, are required to comply with CCPA and its related regulations.
Teamgo’s CCPA Compliance
The mechanisms Teamgo employs with the GDPR also applies to the CCPA. We disclose how we make use of California resident’s data in our privacy policies, respond to requests to delete data, or provide them with their data and sign written agreements with our customers, partners, affiliates and vendors that implement the rights and obligations required to comply with the CCPA. California businesses who do not have locations in Europe may review our CCPA agreement here: Teamgo CCPA-DPA
Service Organisation Controls (SOC)
Service Organization Controls (“SOC”) are internal control reports created by the American Institute of Certified Public Accountants (AICPA). SOC-certified service organizations undergo regular audits involving the controls over information technology and related processes, policies and procedures, including operational activities.
SOC 2 specifically focuses on data security compliance around five trust service principles: security, availability, processing integrity, confidentiality, and privacy.
Teamgo SOC 2 Certification
Teamgo uses third party real-time monitoring frameworks and hires and independent auditor annually to review our organisational controls. The auditor issues a report attesting that Teamgo meets the SOC 2 criteria being evaluated. The report describes our systems and if their design is suitable to meet the relevant trust principles.
- Teamgo’s SOC 2, Type 2 report validates that our security controls are appropriately designed to mitigate risk. So you can feel confident in our team’s ability to maintain security of your information.
- Security is at the forefront of Teamgo’s priorities, with verifiable processes and controls throughout our daily work cycle, such as always using 2-factor authentication (2FA), encrypting data, logging administrator actions, tracking access grants using verified policies, and following repeatable processes for a secure customer experience.
- You can verify our security practices and make sure they meet your company’s needs. Upon request we will provide our SOC 2, Type 2 reports.
- Part of SOC 2, Type 2 is the agreement to have ongoing audits of our security practices. Ensuring that we are always up to date and keeping security the highest of priorities.
For a copy of our SOC 2, Type 2 reports or if you have any questions, please email our compliance team at [email protected]
Teamgo Pty Limited is currently undergoing audits for it’s 2022 accreditation.
Teamgo employs providers that enable us to deliver our services within their framework guidelines. At this time we are able to extend the compliance encompassing their framework practices to our customers
International Traffic in Arms Regulations (ITAR)
As an Australian company that exports it’s services globally to organisations both private, civil and government, including importing services from regions such as the United States (US), Teamgo believes we have an obligation to acknowledge ITAR compliance.
ITAR, International Traffic in Arms Regulations, are a set of rules and regulations enforced by the US which must be followed when dealing with defence-related products across the supply chain.
Export and temporary import of defense articles and services are controlled by the International Traffic in Arms Regulations (ITAR). The US government requires manufacturers, exporters and brokers of defence articles, ddefence services or related technical data to be ITAR compliant.
Teamgo can assist with your ITAR compliance
Teamgo can help organisations meet their ITAR requirements around verifying citizenship and providing visitor access. Including but not limited to
- Verifying visitor identities (ID checks, capturing photos, information registration)
- Deny access to visitors who are not permitted to enter workplaces and alert workplace contacts
- Create unique sign-in workflows based on country of origin or citizenship
- Require visitors to choose their country of origin or citizenship, with the option to send their response to nominated workplace contacts
- Require visitors to be escorted by a host, with option to display visitor badges that have unique information included
Payment Card Industry Data Security Standards (PCI DSS)
Teamgo employs a 3rd party for processing card payments for services directly attributed to the Teamgo service. Our provider is a PCI compliant and accredited processor for card payments and security of personal payment information and payment details. We do not store personal or card payment information on our records directly.
The PCI Security Standards Council was founded by Visa, Mastercard, American Express, Discover and JCB International to ensure the safety of cardholder data. Complying with PCI standards involves many components of an organisation’s policies and procedures, including how they record and store physical and data security.
Teamgo can help with your PCI DSS compliance
Teamgo can help our customers, including those that that maintain service provider or merchant data, meet the requirements of the PCI Self-Assessment Questionnaires related to restricting physical access to cardholder data.
- Verify visitor identity (ID checking, photo capture, information registration) and deny access to those who are not permitted to access the workplace
- Maintain detailed visitor logs, forming a data repository of visitor arrivals and departures
- Customise sign-in workflows to include visitor names, organisations they represent and ensure employees (hosts) can oversee and authorise physical access
- Print wearable badges that identify visitors from employees and show important information
- Badges can be returned and filed or destroyed upon sign-out including the option to automatically expire badges if they have re-entry mechanisms.
Summary
Teamgo Pty Limited (“Teamgo”) may be used to assist our customers with certain compliance matters in certain circumstances. However the use and configuration of our services and solutions and the compliance with the rest of the corresponding requirements is solely the responsibility of each customer.
Teamgo disclaims any and all responsibility and liability for compliance with the any laws, rules, regulations and standards within the regions the customer maintains operations that utilise these Teamgo services.
See how Teamgo performs for your workplace
Get our Essential plan 30 days for free – no payment or credit card needed.