Information Security Overview

Last Updated: 19 January 2026

Our Approach to Security

The Parkfield Collective maintains a security-first approach that meets ISO 27001 and SOC 2 standards. Our Security and Compliance Committee oversees all security and compliance efforts across Vellum Group operations.

Governance and Oversight

Executive accountability: Alex Zachman, CEO
Committee: Cross-functional leaders with quarterly reviews
Responsibilities include data protection, vendor security, incident management, and regulatory compliance

Security-First Principles

Security by Design
Defense in Depth
Zero Trust Architecture
Privacy by Default
Continuous Validation
Transparency with Clients
Incident Preparedness

Compliance Standards

ISO 27001, SOC 2, ISO 42001 (in progress)
GDPR, PIPEDA, CCPA/CPRA
OWASP, NIST, CIS Controls

Security Architecture

Development Security

SSDLC, threat modeling, static analysis
Security testing and dependency scanning

Infrastructure

ISO 27001-certified cloud providers
DDoS protection, geo-redundancy, automated config mgmt

Integration Security

Secure APIs, end-to-end encryption, activity logging
Client environments are fully segregated

Data Protection

AES-256 at rest, TLS 1.2+ in transit
Encrypted communications via Proton ecosystem
Data minimisation, classification, and localisation
Certified deletion procedures and secure project handoff

Access Control

MFA and strong passwords for all systems
RBAC and least-privilege principles
SSO, session timeouts, audit trails

Operational Security

Vulnerability Management

Regular scanning, annual pen tests, zero-day mitigation

Change Management

Change control, rollback, environment separation

Backups & Recovery

Daily encrypted backups, tested restoration
Defined RTO/RPO for recovery

Incident Response

24/7 coverage, tabletop exercises
Client notification as required

People Security

Background checks, annual security training
Confidentiality agreements and NDAs
Developer training for secure coding

Vendor Security

Vendor risk assessments, audit rights, DPAs
Platform vendor review and best practice enforcement

Client Data Protection

Segregated environments, retention policies
Deletion and audit rights
Clients maintain data ownership

Compliance and Auditing

Internal and external security audits
Annual penetration tests
Documented controls and security logs

Business Continuity & Disaster Recovery

Continuity plans, redundant systems, defined recovery objectives
Stakeholder communication and client continuity support

Client-Specific Security

Pre-project security reviews and custom controls
Secure handoffs, milestone reviews, platform-specific implementation security

Security Documentation Access

Clients may request:

Technical security specs
Questionnaire responses
Certifications and audit summaries
Insurance certificates

Contact Information

Security: security@parkfieldcollective.com
DPO: privacy@parkfieldcollective.com
Incidents: security-incident@parkfieldcollective.com

The Parkfield Collective
c/o Vellum Technologies Ltd
Pollexfen House, Wine Street
Sligo, F91 A3FD
Ireland

1. Initial Response

You'll hear from a real person within one business day. We operate across multiple time zones, so your inquiry is routed to the appropriate regional team for the fastest response.
‍

2. Discovery Conversation

We'll schedule a call to understand your situation, challenges, and goals. This is a conversation, not a sales pitch. We ask questions to understand if we're the right fit and what approach makes sense for your needs.

3. Clear Next Steps

If we're a good fit, we'll outline potential next steps - whether a mini-assessment, Kaizen audit, or scoped project. If not, we'll tell you honestly. We don't have salespeople, just customer success consultants focused on the right solution.