Compliance & Certifications
Our Commitment to Compliance
Convo is committed to maintaining the highest standards in cybersecurity, privacy, and regulatory compliance:
- ISO/IEC 27001:2022 certification: Our Information Security Management System (ISMS) ensures a structured approach to managing sensitive information securely. Certificate number and expiry date are available on request.
- Cyber Essentials Plus: Independently verified to protect against the most common cyber threats.
- UK GDPR & ICO compliance: Full compliance with the UK Data Protection Act and GDPR, under the Information Commissioner’s Office (ICO) guidance.
- Data Protection Impact Assessment (DPIA): To ensure GDPR compliance and protect user privacy, we conduct a DPIA whenever new data processing activities are introduced. The DPIA evaluates potential risks to privacy and ensures these are mitigated through appropriate technical and organisational measures. It also assesses the necessity and proportionality of the data processing so that any risks are addressed before new projects or changes are implemented.
- PCI DSS v4.0 (Level 1): Ensures secure handling of payment data in line with the highest industry standards.
- Penetration testing: Annual third-party penetration tests, with additional testing conducted after significant platform updates.
- Vulnerability scanning: Conducted 3–4 times monthly using commercial-grade tools to identify and remediate risks proactively.
