Information Security Overview

Last Updated: 19 January 2026

Our Approach to Security

The Parkfield Collective maintains a security-first approach that meets ISO 27001 and SOC 2 standards. Our Security and Compliance Committee oversees all security and compliance efforts across Vellum Group operations.

Governance and Oversight

Executive accountability: Alex Zachman, CEO
Committee: Cross-functional leaders with quarterly reviews
Responsibilities include data protection, vendor security, incident management, and regulatory compliance

Security-First Principles

  • Security by Design
  • Defense in Depth
  • Zero Trust Architecture
  • Privacy by Default
  • Continuous Validation
  • Transparency with Clients
  • Incident Preparedness

Compliance Standards

  • ISO 27001, SOC 2, ISO 42001 (in progress)
  • GDPR, PIPEDA, CCPA/CPRA
  • OWASP, NIST, CIS Controls

Security Architecture

Development Security

  • SSDLC, threat modeling, static analysis
  • Security testing and dependency scanning

Infrastructure

  • ISO 27001-certified cloud providers
  • DDoS protection, geo-redundancy, automated config mgmt

Integration Security

  • Secure APIs, end-to-end encryption, activity logging
  • Client environments are fully segregated

Data Protection

  • AES-256 at rest, TLS 1.2+ in transit
  • Encrypted communications via Proton ecosystem
  • Data minimisation, classification, and localisation
  • Certified deletion procedures and secure project handoff

Access Control

  • MFA and strong passwords for all systems
  • RBAC and least-privilege principles
  • SSO, session timeouts, audit trails

Operational Security

Vulnerability Management

  • Regular scanning, annual pen tests, zero-day mitigation

Change Management

  • Change control, rollback, environment separation

Backups & Recovery

  • Daily encrypted backups, tested restoration
  • Defined RTO/RPO for recovery

Incident Response

  • 24/7 coverage, tabletop exercises
  • Client notification as required

People Security

  • Background checks, annual security training
  • Confidentiality agreements and NDAs
  • Developer training for secure coding

Vendor Security

  • Vendor risk assessments, audit rights, DPAs
  • Platform vendor review and best practice enforcement

Client Data Protection

  • Segregated environments, retention policies
  • Deletion and audit rights
  • Clients maintain data ownership

Compliance and Auditing

  • Internal and external security audits
  • Annual penetration tests
  • Documented controls and security logs

Business Continuity & Disaster Recovery

  • Continuity plans, redundant systems, defined recovery objectives
  • Stakeholder communication and client continuity support

Client-Specific Security

  • Pre-project security reviews and custom controls
  • Secure handoffs, milestone reviews, platform-specific implementation security

Security Documentation Access

Clients may request:

  • Technical security specs
  • Questionnaire responses
  • Certifications and audit summaries
  • Insurance certificates

Contact Information

Security: security@parkfieldcollective.com
DPO: privacy@parkfieldcollective.com
Incidents: security-incident@parkfieldcollective.com

The Parkfield Collective
    c/o Vellum Technologies Ltd
    Pollexfen House, Wine Street
    Sligo, F91 A3FD
    Ireland

Digital Transformation | Platform Architects | Transatlantic Infrastructure

Innovate. Grow. Blast Off.
Serving Canada, European Union, Ireland, United Kingdom, and the United States of America.
Twitter IconInstagram IconFacebook IconLinkedIn Icon
About us
- Careers
Services
- Digital Transformation
- Digital Accessibility and WCAG
- Small Medium Business
- AI Strategy and Implementation
- SEO and GEO Services
let’s work   let’s work   let’s work   let’s work
let’s work   let’s work   let’s work   let’s work
let’s Read
let’s work
let’s work
let’s work
let’s work
let’s work
let’s work
let’s work
Footer Brand
Digital Transformation | Platform Architects | Transatlantic Infrastructure

Innovate. Grow. Blast Off.
Serving Canada, European Union, Ireland, United Kingdom, and the United States of America.
Twitter IconInstagram IconFacebook IconLinkedIn Icon
About us
Services
CASE STUDIES
Contact us
Legal
- Privacy Policy
- Terms of SERVICE
- Cookies policy
- Accessibility Statement
- Ethical AI Statement
- Information Security Overview
The Parkfield Collective is the commercial consulting arm of Vellum Technologies Ltd - Teicneolaíochtaí Vellum Teoranta. Parkfield operates as a referral and technology partner in a capacity similar to an Independent Sales Organization (ISO) on behalf of licensed acquiring banks and payment institutions, but does not act as a bank, hold client funds, or engage in regulated payment activities. Parkfield maintains compliance with applicable data security and financial standards, including PCI DSS and PSD2 requirements. All regulated services are provided exclusively by licensed financial institutions authorized in their respective jurisdictions in the United States, Canada, the United Kingdom, and the European Union.
© 2026 Vellum Group | All Rights Reserved | Made ❤️ in Ireland ☘️, Czech Republic 🏰, and North America 🍁🏒