Fundraising compliance to the highest standards

Here at the Woods Group we put fundraising compliance at the centre of all we do. Data security, quality and continuity of service are enshrined within everything we do at and it remains our policy to invest continuously in best-in-sector fundraising compliance measures and practices. Here’s more about what keeps us ahead of the pack:

Corporate Governance

We understand the need to integrate our business values and operations to meet the expectations of clients, employees, regulators, suppliers, our community and the environment. To support this, we have implemented a fundraising compliance management system (CMS) which provides us with a framework for continually improving the suitability, adequacy and effectiveness of our compliance measures.

Our corporate and social responsibility compliance measures include a suite of defined policies:
> Equality and Diversity Policy > Anti-Bribery Policy > Social Responsibility Policy > Training and Development Policy > Information Security Policy > Data Protection Policy > Environmental Policy > Quality Management Policy > Health and Safety Policy.

To view details of our Corporate Governance programme please visit our Client Area where you can log in with your existing password or register for access with a charity email address.

Head of Compliance

Our Head of Compliance, Paula Robinson, has responsibility for and oversight of Woods Compliance Management System (CMS) and associated policies. Paula is an experienced professional with over 12 years’ experience in senior compliance roles, which has included being a PCI QSA, certified CSA Star Auditor and being accredited to deliver British Computer Society (BCS) courses in information security, business continuity and data protection.

Paula sits on our management team and reports directly into our MD. The fact we have a senior role dedicated solely to this area is testament to how seriously we take fundraising compliance.

Speak to our Fundraising Compliance Expert

If you have any specific compliance queries please contact Paula Robinson via our contact page.

Key Areas of Fundraising Compliance

Below you will find further details on our key areas of compliance and achievements within these areas, plus links to the relevant certificates, licences and policies.

PCI-DSS Level 1 Compliance
Gambling Commission ELM & RTS Compliance
Information Security
Business Continuity Management
Quality Management
Environmental Management

PCI-DSS Level 1 Compliance

The Woods Group is proud to be a validated PCI DSS Level 1 Service Provider – the highest level of PCI DSS compliance.

Demonstrated through a rigorous annual external audit process, by a PCI DSS Qualified Security Assessor (QSA), involving over 300 control measures encompassing people, processes, documentation and effective implementation we ensure the highest compliance levels are maintained and adhered to.

PCI DSS compliance is part of our information security management programme.

View our current PCI compliance certificate, issued by the QSA company. To view our Attestation of Compliance please visit our Client Area where you can log in with your existing password or register for access.

Gambling Commission ELM & RTS Compliance

The Woods Group was in the inaugural group of External Lottery Managers granted under the 2005 Gambling Act. We hold both remote and non-remote licenses and have Personal Management License (PML) holders within the business. View our license status.

This significant experience means we have a full suite of tried and tested ELM policies and procedures and can work proactively with our clients to ensure their full compliance with their LCCP commitments. Our policy suite can be viewed in our Client Area.

The Gambling Commission requires remote operating licence holders to comply with their Remote Gambling and Technical Standards (RTS). The Woods Group was amongst the first ELMs to attain this rigorous standard. This standard is subject to an annual independent external audit which ensures compliance levels are maintained and adhered to.

GC RTS compliance is part of our information security management programme. View our current GC RTS compliance certificate, issued by the external auditor.

Information Security

Ensuring good information security management is critical for all businesses and the Woods Group places information security at the top of our agenda.

To provide reassurance to our existing and prospective clients that we take an active and effective approach to information security management, the Woods Group has implemented a Compliance Management System (CMS) aligned to the International Standard for Information Security Management Systems (ISO/EIC 27001:2013).

By adopting this Standard we have been able to identify the risks to the information owned by us, and under our care, and implement the appropriate controls to reduce those risks. We monitor the effectiveness of the controls through internal audit, KPI monitoring, incident management, and in the case of measures mandated by PCI DSS and GC RTS, through external audit. These methods enable us to continually improve our policies, processes and working practices ensuring they remain effective, suitable and adequate, considering the ever-changing threat landscape as well as changes in legal, regulatory or contractual requirements.

To view details of our information security management programme and associated controls please visit our Client Area where you can log in with your existing password or register for access with your charity email.

Business Continuity Management

As with information security management it is vital businesses implement a strategy which ensures they are prepared and able to continue operations in the aftermath of a major incident (such as natural disasters, power outages, or cyber-attacks). Therefore, the Woods Group is implementing measures aligned to the International Standard for Business Continuity Management (ISO 22301:2012).

By adopting this Standard, we can demonstrate to our clients our commitment to maintaining our highest levels of service in the event circumstances require either a temporary or permanent relocation and recovery of our key services. These measures include incident management and recovery plans, an exercise programme as well as ensuring resilience and redundancy is built in to our infrastructure to remove any single points of failure and ensure continuation of service.

To view details of our business continuity management programme please visit our Client Area where you can log in with your existing password or register for access with your charity email address.

Quality Management

Underlining our commitment for providing a quality service to our clients, the Woods Group’s CMS is certified to the International Standard for Quality Management systems (ISO 9001:2015) which governs our quality management practises business-wide.

Our quality measures ensure we focus on delivering quality products and services, on time, with a commitment to work with our clients to continuously improve our processes and exceed their expectations.

To ensure compliance levels are maintained and adhered to our quality measures undergo six monthly external audits by a UKAS accredited certification body.  View our certificate in our Client Area.

Environmental Management

The Woods Group understands the importance of protecting the environment and improving our environmental performance. We are dedicated to upholding environmental standards and sustainability throughout our service operations and understanding the environmental challenges of the future. To support this, we have achieved certification to the International Standard for Environmental Management systems (ISO 14001:2015) which governs over environmental practices business-wide.

To ensure compliance levels are maintained and adhered to our environmental measures undergo six monthly external audits by a UKAS accredited certification body.

In addition to ISO 14001, we also hold the Forest Stewardship Council (FSC) Chain of Custody Certification which is audited annually by an external certification body.

View our certificates in our Client Area.

Like to be kept up to date on compliance? Visit our Client Area