5 Compliance

Together with the Data Processing Agreement (see below), our Terms & Conditions are the legal artifacts that govern your use of Admin By Request.

Refer to Terms & Conditions for the full text of this agreement.

Admin By Request is a European company, and we must therefore abide by the EU General Data Protection Regulation (GDPR).

To comply with Article 28 of the GDPR, any European company must provide a Data Processing Agreement (DPA) between itself and any European customer. The agreement applies to all customers around the world, which means all customers reap the benefits of the GDPR requirements observed by us.

The overall purpose of Article 28 is to describe internal procedures relating to security, availability and privacy when managing customer data, with the main objective being customer transparency.

Refer to Data Processing Agreement for the full text of this agreement.

ISO/IEC 27001 is an information security standard, part of the ISO/IEC 27000 family of standards. It is published by the International Organization for Standardization (ISO) and the International Electrotechnical Commission (IEC) under the joint ISO and IEC subcommittee.

ISO/IEC 27001 specifies a management system that outlines security requirements and is intended to bring information security under management control. Organizations that meet the requirements may be certified by an accredited certification body following successful completion of an audit.

Admin By Request is ISO 27001 certified. Download this certificate in the Trust Center.

Refer to ISO/IEC 27001:2022 for further details on this certification.

Service Organization Control 2, known as SOC 2, is developed by the American Institute of CPAs (AICPA) and defines the criteria for managing customer data based on five "trust service principles":

  1. Security

  2. Availability

  3. Processing Integrity

  4. Confidentiality

  5. Privacy

SOC 2 and GDPR Data Processing Agreements are very similar, and both address the same procedures. The key difference is that a GDPR Data Processing Agreement is based on the right to audit by the customer, whereas SOC 2 is a certification by a trusted third party.

The SOC 2 Type 2 report issued for Admin By Request by the C3PAO, A-LIGN, can be downloaded in the Trust Center.

Refer to AICPA-CIMA for further details on this certification.

Cyber Essentials and Cyber Essentials Plus are the UK Government’s answer to a safer internet space for organisations of all sizes, across all sectors.

Developed and operated by the National Cyber Security Centre (NCSC), Cyber Essentials is considered the best first step to a more secure network, protecting you from 80% of the most basic cyber security breaches.

In addition to Cyber Essentials, Admin By Request complies with the requirements of the Cyber Essentials Plus scheme. The certificate can be downloaded in the Trust Center.

Refer to Cyber Essentials for further details on this certification.