Fundraising compliance to the highest standards

Fundraising compliance is at Woods Valldata’s very core. Data security, quality, and continuity of service are enshrined within everything we do and we invest continuously in best-in-sector fundraising compliance measures and practices. Here’s what keeps us ahead of the pack:

Corporate Governance

We understand the need to integrate our business values and operations to meet the expectations of clients, employees, regulators, suppliers, our community and the environment. Our fundraising Compliance Management System (CMS) provides us with a framework for continually improving the suitability, adequacy and effectiveness of our compliance measures.

Our corporate and social responsibility compliance measures include a suite of defined policies:

> Equality and Diversity Policy > Anti-Bribery Policy > Social Responsibility Policy > Training and Development Policy > Information Security Policy > Data Protection Policy > Environmental Policy > Quality Management Policy > Health and Safety Policy.

To view details of our Corporate Governance programme, please visit our Client Area where you can log in with your existing password or register for access with a charity email address.

Head of Compliance

Our Head of Compliance, Paula Robinson, has responsibility for and oversight of the Woods Valldata CMS and associated policies. Paula is an experienced professional with over 12 years’ experience in senior compliance roles. She is also a PCI Qualified Security Assessor (QSA), certified CSA STAR Auditor and is accredited to deliver British Computer Society (BCS) courses in information security, business continuity and data protection.

Paula sits on our management team and reports directly to our Chief Financial Officer. The fact we have a senior role dedicated solely to this area is testament to how seriously we take compliance.

Speak to our Fundraising Compliance Expert

If you have any specific compliance queries please contact Paula Robinson via our contact page.

Key Areas of Fundraising Compliance

Below you will find further details on our key areas of compliance and achievements within these areas, plus links to the relevant certificates, licences and policies.

PCI-DSS Level 1 Compliance
Gambling Commission ELM and RTS Compliance
Information Security
GDPR
Business Continuity Management
Quality Management
Environmental Management

PCI-DSS Level 1 Compliance

Woods Valldata is a validated PCI DSS Level 1 Service Provider – the highest level of PCI DSS compliance.

To prove our commitment to maintaining the highest compliance levels, we go through a rigorous annual external audit process by a PCI DSS Qualified Security Assessor (QSA), involving over 300 control measures encompassing people, processes, documentation and effective implementation.

PCI DSS compliance is part of our Information Security Management Programme. View our current PCI compliance certificate, issued by the QSA company. To view our Attestation of Compliance please visit our Client Area where you can log in with your existing password or register for access.

Gambling Commission ELM and RTS Compliance

Woods Valldata was in the inaugural group of External Lottery Managers granted under the 2005 Gambling Act. We hold both remote and non-remote licenses and have Personal Management License (PML) holders within the business. View our license status.

This significant experience means we have a full suite of tried and tested ELM policies and procedures and can work proactively with our clients to ensure their full compliance with their Licence Conditions and Codes of Practice (LCCP) commitments. Our policy suite can be viewed in our Client Area.

The Gambling Commission requires remote operating licence holders to comply with their Remote Gambling and Technical Standards (RTS). Woods Valldata was amongst the first ELMs to attain this rigorous standard which is subject to an annual independent external audit which ensures compliance levels are maintained and adhered to.

GC RTS compliance is part of our ISMS. View our current GC RTS compliance certificate, issued by the external auditor.

Information Security

Ensuring good information security management is critical for all businesses and Woods Valldata places information security at the top of our agenda.

We have implemented a Compliance Management System (CMS) aligned with the International Standard for Information Security Management Systems (ISO/IEC 27001:2013).

By adopting this standard we have been able to identify the risks to the information owned by us, and under our care, and implement the appropriate controls to reduce those risks. We monitor the effectiveness of the controls through internal audit, KPI monitoring, incident management, and in the case of measures mandated by PCI DSS and GC RTS, through external audit. This enables us to continually improve our policies, processes and working practices, and respond to the ever-changing threat landscape as well as changes in legal, regulatory or contractual requirements.

To view details of our Information Security Management Programme (ISMS) and associated controls please visit our Client Area where you can log in with your existing password or register for access with your charity email.

GDPR

Woods Valldata is committed to ensuring that personal data processed by us, whether as a data controller or data processor, is done so in a secure and compliant manner. Data protection is rooted in everything we do and the measures in place are continually assessed to ensure they remain effective. We have created a GDPR Compliance Fact Sheet which provides an overview of the activities that Woods Valldata has undertaken to ensure it is compliant with the General Data Protection Regulation (EU) 2016/679 (GDPR), which came into force on 25 May 2018. The information provided in the Fact Sheet relates to where Woods Valldata acts as a data processor.

To view details of the Fact Sheet please visit our Client Area where you can log in with your existing password or register for access with your charity email address.

Business Continuity Management

With information security management, it is vital that businesses implement a strategy that ensures they are prepared for, and able to continue, operations in the aftermath of a major incident. As such, Woods Valldata is implementing measures aligned with the International Standard for Business Continuity Management (ISO 22301:2012) to demonstrate our commitment to maintaining the highest levels of service in the event that circumstances require either a temporary or a permanent relocation, and recovery of our key services.

These measures include incident management and recovery plans, and an exercise programme, as well as ensuring resilience and redundancy is built into our infrastructure to remove any single points of failure and ensure continuation of service.

To view details of our business continuity management programme please visit our Client Area where you can log in with your existing password or register for access with your charity email address.

Quality Management

Underlining our commitment for providing a quality service to our clients, Woods Valldata’s CMS is certified to the International Standard for Quality Management systems (ISO 9001:2015), which determines our quality management practices business-wide.

To ensure compliance levels are maintained and adhered to, our quality measures undergo six-monthly external audits by a UKAS-accredited certification body.

View our certificate in our Client Area.

Environmental Management

Woods Valldata places great importance on protecting the environment and on improving our environmental performance. To support this, we have achieved certification to the International Standard for Environmental Management systems (ISO 14001:2015) which governs over environmental practices business-wide.

To ensure compliance levels are maintained and adhered to, our environmental measures undergo six-monthly external audits by a UKAS-accredited certification body.

Like to be kept up to date on compliance? Visit our Client Area