Information Security

Following best practice in information security to ensure all data we hold is secure.

Security matters

As handling personal and sensitive data is part of the very nature of what we do, ensuring the security of that data is paramount to us.

As the technology and business landscape continues to evolve, so do our needs to respond to threats to security which is why we have developed a robust strategy and have individuals within our business charged with keeping this up to date.

information security

ISO/IEC 27001 Certification

We continue to maintain ISO 27001 certification, and use ISO 27001:2013 as our Information Security Framework. As the highest certification that can be achieved in this area, it seeks to maintain the confidentiality, integrity and availability of information assets as well as providing effective risk management. To achieve this certification we have been externally audited against information security best practice.

information security

ISAE 3402 External Audit

In addition to our ISO 27001 certification, we also undertake an additional voluntary external audit The ISAE 3402 Type II Service Organisation Control report is also carried out by independent auditors to ensure that our internal controls are adequate. This an internationally recognised standard.


We have Data Protection Officer on site who is charged with monitoring compliance, in addition to a GDPR compliance framework that ensures we maintain our GDPR obligations as a service provider.

The framework was built covering many areas in our ISO 27001 certification to ensure that the highest standards of security are met.

We also create a Data Processing Agreement with every one of our clients which includes running through the details of how we work and how we manage personally identifiable and sensitive data.

Business Continuity

All of these systems are in place to avoid disaster, but we still have a plan in place for every eventuality. Dataplan has a robust business continuity strategy that ensures you can be confident that whatever happens your payroll deadlines are met and employees are paid on time.

Our UK based backup system is industry leading and in the event of disasters such as fire, floods and power failures we can be back up and running during three hours. Our strategies are so comprehensive that during the first UK lockdown of the Coronavirus pandemic we had already acquired all of the equipment to allow our teams to work remotely and they were deployed successfully within a matter of days. Our clients experienced no interruption to their service.


The CIPP Payroll Assurance Scheme (PAS) is considered to be the ‘gold standard’ award in payroll, and is currently the only voluntary accreditation on the market.

It has been developed by the Chartered Institute of Payroll Professionals (CIPP) in partnership with HMRC to give assurance that a provider’s services have been assessed to be of the highest standard.

The scheme looks at two areas; processes and people, checking that the appropriate controls are in place, compliance is maintained and our service is fit for purpose. It also requires us to have plans in place for the continuous development of our processes and our people who are tested on their skill levels, our appraisal process and training plans are also checked.

information security