Compliance & Certifications
Jigsol is built for businesses that take regulatory compliance seriously. We maintain rigorous standards to ensure your data is handled lawfully and securely.
Data Protection & Privacy
UK GDPR Compliance
Jigsol is fully compliant with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018. We implement comprehensive measures to protect personal data:
Lawful Basis for Processing
We process personal data under the following legal bases:
- Contractual Necessity: Processing required to fulfill our service agreement with you
- Legitimate Interests: Service improvement, fraud prevention, security monitoring
- Consent: Marketing communications and optional features (where applicable)
- Legal Obligation: Compliance with tax, accounting, and employment law
Data Subject Rights
We facilitate the exercise of all GDPR rights:
- Right of Access: Self-service data export and subject access request portal
- Right to Rectification: In-app data editing capabilities
- Right to Erasure: Account deletion with 30-day grace period
- Right to Restrict Processing: Granular consent and preference management
- Right to Data Portability: Export in CSV, JSON, and Excel formats
- Right to Object: Opt-out mechanisms for marketing and automated processing
Data Protection Officer
We have appointed a Data Protection Officer (DPO) responsible for monitoring GDPR compliance and serving as the point of contact for data subjects and supervisory authorities.
Data Protection Officer
Email: dpo@jigsol.ai
ICO Registration
JIGSOL APPLIED INTELLIGENCE LIMITED is registered with the Information Commissioner's Office (ICO) as a data controller. Our registration demonstrates accountability and transparency in data processing practices.
Security Certifications Roadmap
Cyber Essentials (Q1 2026)
We are pursuing Cyber Essentials certification, the UK government-backed scheme that demonstrates fundamental cybersecurity controls including:
- Firewalls: Properly configured boundary and software firewalls
- Secure Configuration: Hardened systems and removal of unnecessary functionality
- User Access Control: Controlled access to data and services
- Malware Protection: Comprehensive anti-malware solutions
- Security Update Management: Timely patching of security vulnerabilities
This certification is increasingly required for public sector contracts and demonstrates our commitment to baseline security hygiene across our infrastructure and operations.
Cyber Essentials Plus (Q1 2026)
Following Cyber Essentials, we will pursue Cyber Essentials Plus, which includes hands-on technical verification through vulnerability scanning and configuration reviews by an independent certification body. This enhanced certification provides additional assurance of our security posture.
ISO 27001 (Q4 2026)
We are implementing an Information Security Management System (ISMS) aligned with ISO/IEC 27001:2022 standards. This comprehensive framework includes:
- Risk assessment and treatment methodology
- Security policy framework and documented procedures
- Asset inventory and information classification
- Access control and encryption policies
- Incident response and business continuity plans
- Regular internal audits and management reviews
- Supplier security assessment and management
ISO 27001 represents the gold standard in information security management and will be independently audited and certified by an accredited certification body.
Financial & Employment Compliance
HMRC Compliance
Jigsol supports businesses in meeting their obligations to HM Revenue & Customs:
- Making Tax Digital (MTD): Compatible with MTD for VAT and Income Tax
- Record Retention: 7-year data retention for tax records
- Payroll Compliance: Integration with Sage and Xero for PAYE reporting
- CIS Compliance: Construction Industry Scheme support
- Auto-Enrolment Pensions: Integration with workplace pension providers
Employment Law Compliance
Our HR and scheduling modules are designed to help businesses comply with UK employment legislation:
- Working Time Regulations: 48-hour week monitoring and break enforcement
- National Minimum/Living Wage: Pay rate validation and alerts
- Holiday Entitlement: Statutory leave calculation (5.6 weeks)
- Parental Leave: Maternity, paternity, and shared parental leave tracking
- Right to Work: Document management and expiry alerts
- Equality Act 2010: Anonymized recruitment features
Agency Workers Regulations (AWR)
For recruitment agencies and businesses using temporary workers, we provide AWR compliance tools:
- 12-week qualifying period tracking
- Equal treatment entitlement management
- Day-one rights monitoring (access to facilities, job information)
- Pay parity calculations and reporting
International Standards
Data Transfers
While our primary data centres are in the UK/EU, we ensure compliance when data crosses borders:
- Standard Contractual Clauses (SCCs): EU Commission-approved contracts with sub-processors
- Adequacy Decisions: Transfers only to jurisdictions with adequate data protection
- Data Processing Agreements: GDPR-compliant DPAs with all vendors
- Transfer Impact Assessments: Risk evaluation for international transfers
OWASP Compliance
We follow the OWASP Top 10 security practices and implement protections against:
- Injection attacks (SQL, XSS, command injection)
- Broken authentication and session management
- Sensitive data exposure
- XML external entities (XXE)
- Broken access control
- Security misconfiguration
- Cross-Site Scripting (XSS)
- Insecure deserialization
- Using components with known vulnerabilities
- Insufficient logging and monitoring
Audit & Reporting
Internal Audits
We conduct regular internal audits including:
- Quarterly Security Reviews: Vulnerability assessments and penetration testing
- Monthly Compliance Checks: GDPR data processing audits
- Access Control Reviews: User permission and role audits
- Vendor Risk Assessments: Third-party security evaluations
External Audits
- Cyber Essentials Certification: Independent assessment by IASME-certified bodies (Q1 2026)
- ISO 27001 Certification Audit: Third-party certification audit by accredited body (Q4 2026)
- ISO 27001 Surveillance: Annual surveillance audits to maintain certification (post-certification)
- Security Testing: Regular third-party penetration testing and vulnerability assessments
Customer Audit Rights
Enterprise customers may request:
- Cyber Essentials and Cyber Essentials Plus certificates (when available)
- ISO 27001 certificates and statement of applicability (when available)
- Security questionnaire responses and compliance documentation
- Data processing impact assessments (DPIAs)
- Sub-processor lists and due diligence documentation
Contact compliance@jigsol.ai for audit documentation.
Breach Notification
GDPR Breach Procedures
In the unlikely event of a personal data breach, we follow GDPR requirements:
- Detection: Real-time monitoring and automated alerting
- Assessment: Severity classification and impact analysis within 24 hours
- ICO Notification: Report to supervisory authority within 72 hours (if required)
- Customer Notification: Inform affected customers without undue delay
- Documentation: Maintain breach register with facts, effects, and remedial action
Communication Commitment
We commit to transparent communication regarding security incidents:
- Notification within 72 hours of discovery
- Clear description of incident nature and scope
- Actions taken to mitigate harm
- Measures implemented to prevent recurrence
- Contact point for further information
Sub-Processors
Third-Party Data Processors
We maintain a current list of sub-processors who may process customer data:
| Sub-Processor | Service | Location |
|---|---|---|
| Rackspace Technology | Cloud Infrastructure & Hosting | UK / EU |
| Stripe | Payment Processing | Ireland (EU) |
| GoCardless | Open Banking & Direct Debit Payments | UK (FCA Authorised) |
| Cloudflare | CDN & Security | Global (EU data residency) |
| Companies House | Company Data Verification | UK (Government Service) |
| Xero | Accounting Integration | UK / EU |
| WorkflowMax (BlueRock) | Job Management Integration | New Zealand / Australia |
| Firefish Software | Recruitment CRM Integration | UK |
All sub-processors are assessed for security and data protection compliance before engagement. We maintain Data Processing Agreements with all sub-processors and can provide their security documentation upon request.
Infrastructure & Data Resilience
Our infrastructure is hosted on Rackspace, a leading enterprise cloud provider with comprehensive security and compliance certifications. We implement multiple layers of data protection:
- Continuous Backups: Automated backups of all live data with point-in-time recovery
- Geographic Redundancy: Data replicated across multiple UK/EU data centres
- Disaster Recovery: Tested recovery procedures with defined RTOs and RPOs
- Infrastructure Monitoring: 24/7 monitoring and automated failover capabilities
We notify customers of sub-processor changes with 30 days' notice and provide objection rights. The full sub-processor list is available on request from compliance@jigsol.ai.
Contact Compliance Team
For compliance questions, audit requests, or regulatory inquiries:
Compliance Team
Email: compliance@jigsol.ai
Data Protection Officer: dpo@jigsol.ai
Legal: legal@jigsol.ai
Documentation Requests
We provide the following documentation to customers and prospects:
- Security questionnaire responses (standard and custom)
- Data Processing Agreements (DPAs) compliant with UK GDPR
- Cyber Essentials and Cyber Essentials Plus certificates (from Q1 2026)
- ISO 27001 certificates and Statement of Applicability (from Q4 2026)
- Security assessment summaries (non-sensitive findings)
- Sub-processor lists and agreements
- ICO registration documentation
Request documentation at compliance@jigsol.ai.
Contact Information
Company Name: JIGSOL APPLIED INTELLIGENCE LIMITED
Company Number: 15132952
Registered Office: Athene House, Suite Q, 86 The Broadway, London, NW7 3TD, United Kingdom
Incorporation Date: 12 September 2023