Compliance

Application Security

The Graduway application has been engineered with security as a priority. We are certified under the Cyber Essentials scheme. Each year we undertake an independent third-party assessment by a specialist application security firm that tests for vulnerabilities within our application. Our most recent test results indicate a Good Security Level rating. We also provide our North American Higher Education customers with a completed Higher Education Community Vendor Assessment Toolkit (HECVAT) on request.

Please see reports and certification logos below which link to the respective accreditations. 

Data Hosting Environments

Graduway uses third-party providers for its physical hosting and data services. Graduway partners with the world’s leading cloud providers, AWS, Google Cloud and Heroku, who are proven leaders in the field for availability, security and compliance.

AWS, Google Cloud and Heroku are fully accredited and certified to stringent global standards.
For more information on the accreditation and certification of AWS, please visit the Compliance Programs page here.
For more information on the accreditation and certification of Google Cloud, please visit the Standards, Regulation & Certifications page here.
For more information on the accreditation and certification of Salesforce Heroku, please visit the Heroku and Compliance page here.

PCI Compliance

Graduway’s comprehensive GradAdvance platform, powering Annual Giving, Crowdfunding and Giving Day initiatives, is both PCI-DSS v.3 SAQ-A and SAQ-D compliant. We have our compliance audited by a Qualified Security Assessor (QSA). Graduway does not store cardholder data electronically, as all processing of cardholder data is entirely outsourced to PCI DSS validated third-party service providers.

Please see our audited SAQ-A and SAQ-D Attestations of Compliance here:

Fundraising Regulator

Graduway is registered with the UK’s Fundraising Regulator, which is the independent regulator of charitable fundraising in England, Wales and Northern Ireland. We are registered as a commercial organization providing digital fundraising platforms (branded as GradAdvance) to charitable institutions in the UK.

We abide by the Regulator’s Code of Fundraising Practice to promote a consistent, high standard of fundraising and develop a culture of honesty, openness and respect between fundraisers and the public. Please click on the logo below for more information.