Visitor management compliance

Teamgo is committed to delivering and maintaining reliable, robust and secure information and information processing facilities for delivering our customer services.

At the core of our security policies we strive to ensure the confidentiality, utmost integrity and availability of the services and applications provided, information entrusted to us by our customers and business partners, as well as our own information.

To accomplish this, we have deployed an information security management system (‘ISMS’) compliant with the ISO/IEC 27001 information security standard to meet this policy and demonstrate Teamgo’s ongoing commitment to the security and privacy of the information and services entrusted to Teamgo.

Our Commitment

To realise our core security policy, Teamgo is committed to the following objectives:

• Maintaining compliance with all policy, legal, regulatory, and contractual requirements in our regions of operation.
• Monitoring systems and investigating detected security breaches and weaknesses.
• Protecting our customers confidentiality and of the information they provide us.
• Ensuring we promote and maintain a security-centric culture within the Teamgo organisation and our belief that must understand they are responsible and accountable for the protection of the information we collect.
• Operating the Teamgo ISMS in accordance with ISO/IEC 27001 information security standard to provide mechanisms for the ongoing and progressive improvement of information security and risk management practices of Teamgo.
• Allocating responsibilities and providing resources to ensure a structured and consistent approach to managing the security of information.
• Maintain the availability of information and systems necessary to deliver our core business functions.
• Maintain industry leading, globally aligned, robust risk management practices.

Teamgo’s Compliance Standards

International Organisation for Standards (ISO)

ISO 27001 is a specification for an information security management system (ISMS) as defined by the International Organization for Standardization (ISO). This is a framework of policies and procedures that includes all legal, physical and technical controls involved in an organisation’s information risk management processes.

Simply put, it ensures that an organisation strictly controls all aspects of information security.

Teamgo employs providers that enable us to deliver our services within their framework guidelines.

At this time we are able to extend the compliance encompassing their framework practices to our customers

• Amazon Web Services
• Cloudflare Inc
• Twilio
• Atlassian

EU and EEA General Data Protection Regulations (GDPR)

The General Data Protection Regulation (“GDPR”) is a set of regulations, enacted in the European Union and designed to coordinate data privacy laws and strengthen privacy protections for EU residents. In addition to all organisations within the EU, the GDPR also applies to organisations in other countries that provide goods or services to residents within those regions.

Teamgo and GDPR Compliance

Teamgo’s services comply with the GDPR. In accordance to the regulation, there are various roles for companies based on how a company engages with user data. Teamgo is considered a data processor because we process personal data for of our customers, who are deemed data controllers.

As a data processor we comply with the GDPR by:

• Disclosing how we process personal data in our privacy policies
• Confirming that the partners, affiliates and vendors we work with also adhere to the GDPR
• Anonymising customer data upon their request and providing the tools for them to do so themselves
• Entering into data processing agreements with our customers, partners, affiliates and vendors that establish our respective rights and obligations regarding the use and protection of Teamgo’s customers data

California Consumer Privacy Act (CCPA)

The California Consumer Privacy Act (“CCPA”) offers California residents additional control over personal information that businesses collect. For-profit businesses operating in California who exceed a certain size, or who collect a significant amount of personal information, are required to comply with CCPA and its related regulations.

Teamgo’s CCPA Compliance

We disclose how we make use of California resident’s data in our privacy policies, respond to requests to delete data, or provide them with their data and sign written agreements with our customers, partners, affiliates and vendors that implement the rights and obligations required to comply with the CCPA. California businesses who do not have locations in Europe may review our CCPA agreement here: Teamgo CCPA-DPA

Service Organisation Controls (SOC)

SOC 2 specifically focuses on data security compliance around five trust service principles: security, availability, processing integrity, confidentiality, and privacy.

Teamgo SOC 2 Certification

Teamgo uses third party real-time monitoring frameworks and hires and independent auditor annually to review our organisational controls. The auditor issues a report attesting that Teamgo meets the SOC 2 criteria being evaluated. The report describes our systems and if their design is suitable to meet the relevant trust principles.

• Teamgo’s SOC 2, Type 2 report validates that our security controls are appropriately designed to mitigate risk. So you can feel confident in our team’s ability to maintain security of your information.
• Security is at the forefront of Teamgo’s priorities, with verifiable processes and controls throughout our daily work cycle, such as always using 2-factor authentication (2FA), encrypting data, logging administrator actions, tracking access grants using verified policies, and following repeatable processes for a secure customer experience.
• You can verify our security practices and make sure they meet your company’s needs.
• Part of SOC 2, Type 2 is the agreement to have ongoing audits of our security practices ensuring that we are always up to date and keeping security the highest of priorities.

Teamgo employs providers that enable us to deliver our services within their framework guidelines. At this time we are able to extend the compliance encompassing their framework practices to our customers

• Amazon Web Services
• Cloudflare Inc
• Twilio
• Atlassian

International Traffic in Arms Regulations (ITAR)

As an Australian company that exports it’s services globally to organisations both private, civil and government, including importing services from regions such as the United States (US), Teamgo believes we have an obligation to acknowledge ITAR compliance.

ITAR, International Traffic in Arms Regulations, are a set of rules and regulations enforced by the US which must be followed when dealing with defence-related products across the supply chain.

Export and temporary import of defense articles and services are controlled by the International Traffic in Arms Regulations (ITAR). The US government requires manufacturers, exporters and brokers of defence articles, ddefence services or related technical data to be ITAR compliant.

Teamgo can assist with your ITAR compliance

Teamgo can help organisations meet their ITAR requirements around verifying citizenship and providing visitor access. Including but not limited to

• Verifying visitor identities (ID checks, capturing photos, information registration)
• Deny access to visitors who are not permitted to enter workplaces and alert workplace contacts
• Create unique sign-in workflows based on country of origin or citizenship
• Require visitors to choose their country of origin or citizenship, with the option to send their response to nominated workplace contacts
• Require visitors to be escorted by a host, with option to display visitor badges that have unique information included

Payment Card Industry Data Security Standards (PCI DSS)

Teamgo employs a 3rd party for processing card payments for services directly attributed to the Teamgo service. Our payments provider is a PCI compliant and accredited processor for card payments and security of personal payment information and payment details. We do not store personal or card payment information on our records directly on our systems

Teamgo can help with your PCI DSS compliance

Teamgo can help our customers, including those that that maintain service provider or merchant data, meet the requirements of the PCI Self-Assessment Questionnaires related to restricting physical access to cardholder data.

• Verify visitor identity (ID checking, photo capture, information registration) and deny access to those who are not permitted to access the workplace
• Maintain detailed visitor logs, forming a data repository of visitor arrivals and departures
• Customise sign-in workflows to include visitor names, organisations they represent and ensure employees (hosts) can oversee and authorise physical access
• Print wearable badges that identify visitors from employees and show important information
• Badges can be returned and filed or destroyed upon sign-out including the option to automatically expire badges if they have re-entry mechanisms.