Compliance
Application security
Gravyty products have been engineered with security as a priority. We are certified under the Cyber Essentials scheme. Each year we undertake an independent third-party assessment by a specialist Application Security firm that tests for vulnerabilities within our application. Our most recent test results indicate a Good Security Level rating. We also provide our North American Higher Education customers a completed Higher Education Community Vendor Assessment Toolkit (HECVAT) on request.
Please see reports and certification logos below which link to the respective accreditations.
Data Hosting Environments
Gravyty uses third-party providers for its physical hosting and data services and we partner with the world’s leading cloud providers, AWS, Google Cloud and Heroku, which are proven leaders in the fields of availability, security and compliance.
AWS, Google Cloud and Heroku are fully accredited and certified to stringent global standards.
For more information on the accreditation and certification of AWS, please visit the Compliance Programs Here.
For more information on the accreditation and certification of Google Cloud, please visit the Standards, Regulation & Certifications page Here.
For more information on the accreditation and certification of Salesforce Heroku, please visit the Heroku and Compliance page Here.
PCI Compliance
Gravyty’s comprehensive Advance platform, powering Annual Giving, Crowdfunding and Giving Day initiatives, is both PCI-DSS v.3 SAQ-A and SAQ-D compliant. We have our compliance audited by a Qualified Security Assessor (QSA). Gravyty does not store cardholder data electronically, as all processing of cardholder data is entirely outsourced to PCI DSS validated third-party service providers.
Please see our audited SAQ-A and SAQ-D Attestations of Compliance below:
Fundraising Regulator
Gravyty is registered with the UK’s Fundraising Regulator, which is the independent regulator of charitable fundraising in England, Wales and Northern Ireland. We are registered as a commercial organization providing digital fundraising platforms (branded as Advance) to charitable institutions in the UK.
We abide by the Regulator’s Code of Fundraising Practice to promote a consistent, high standard of fundraising and develop a culture of honesty, openness and respect between fundraisers and the public. Please click on the logo below for more information.