Compliance

Information Security Management System

ISO 27001 Certified

Circit and its staff are governed by robust procedures and administrative controls which are certified to ISO 27001:2013.

The company’s information security policy sets out Circit’s commitment to preserving the confidentiality, integrity and availability of all the physical and electronic information assets within its Information Security Management System (ISMS) operated from its office in Dublin.

The ISMS is subject to continuous systematic review, improvement and regular re-certification audits.

View Circit's ISO 27001:2013 Certificate

Data Privacy Compliance

EU General Data Protection Regulation (GDPR)

Circit processes personal data in accordance the current data protection laws in Ireland. In addition, Circit’s commitment to data privacy is demonstrated by the additional steps taken to comply with the general data protection regulation (GDPR) which is due to come into force on the 25th May 2018.

By maintaining strict adherence to GDPR, Circit allows its customers to ensure their own compliance to the new regulation which has considerable implications beyond existing data protection laws.

Read the Privacy Statement

Auditing Standards

Circit complies with International Standards on Auditing in the U.K. and Ireland for External confirmation requests.

Responses are direct from the confirming party, either through the Circit Platform or the evidence providers existing channel.
The auditor maintains control at all times within the Circit Platform.
Address validation is performed by Circit during any on-boarding process. For requests being fulfilled by providers setup by the audit firm, the validation process remains their own responsibility.
The identity management, encryption and the secure environment provided by Circit mitigates against any risk of using the service over the paper based process.

Legal

eIDAS

Where e-signatures are used on the platform, Circit complies with the European Union Regulation eIDAS (EU No.910/2014) regarding electronic identification, signatures and documents.

Signature Authority

Each signature on an audit request is affixed to that request and applied with an extended validation digital certificate which ensures the request document is immutable.

A certificate of completion is attached to the request with the digital certificate identifier and an audit trail to show who signed the request and when.

Court Admissable Transaction Logs

Circit creates a comprehensive transaction trail between signing parties including end-user information, timestamps, and IP addresses which are appended to each signature request.

Regulatory Compliance