Security & Compliance at Lolly


Certifications & Frameworks

At Lolly, protecting your data and ensuring operational integrity are at the core of everything we do. All customer data is securely stored on UK-based servers, fully compliant with the UK General Data Protection Regulation (UK GDPR). Our infrastructure is built with security by design—featuring encryption, continuous monitoring, and robust access controls. We go beyond compliance to deliver peace of mind through transparency, resilience, and proactive risk management. These practices are carried out by a UKAS-accredited company, with annual audits in place to ensure continued compliance and operational excellence.

ISO/IEC 27001:2022

Information Security Management

We operate in alignment with ISO/IEC 27001:2022, the internationally recognised standard for information security management. Our structured, risk-based approach ensures your data remains confidential, intact, and available—giving you confidence that your information is protected to the highest global standards.

ISO 9001:2015

Quality Management

We are certified to ISO 9001:2015, demonstrating our commitment to delivering consistent, high-quality services. This standard supports our focus on customer satisfaction, operational efficiency, and continuous improvement—ensuring you receive reliable results every time.

ISO 14001:2015

Environmental Management

Our operations are guided by ISO 14001:2015, the global standard for environmental management. We actively reduce our environmental impact, comply with regulations, and promote sustainable practices—helping you partner with a business that values long-term responsibility.

PCI DSS v4

Payment Security

Lolly is fully compliant with PCI DSS v4.0 across both physical and digital payment channels. We conduct annual QSA assessments, maintain an Attestation of Compliance (AoC), and use Point-to-Point Encryption (P2PE)—ensuring secure processing and protection of cardholder data.

Cyber Essentials & Cyber Essentials Plus

We are certified under both Cyber Essentials and Cyber Essentials Plus, demonstrating strong, independently verified protection against common cyber threats.

Security Practices

Penetration Testing

We conduct regular third-party penetration testing across our web and app platforms, including retesting to ensure vulnerabilities are resolved.

Third-Party Risk Management

Our vendors undergo strict vetting and annual reviews. We assess PCI DSS relevance and enforce ongoing due diligence to maintain data security.

Internal Controls & Governance

Access Controls

Role-based access and multi-factor authentication protect sensitive systems and data.

Change Management

All changes follow documented procedures, including code reviews and environment separation.

Security Audits

Regular internal and external audits help us stay compliant and continuously improve.

Training & Awareness

All staff receive annual security training, and new hires complete a security onboarding session when they join.

Frequently Asked Questions

When is Lolly Labs open for visitors?

We welcome visitors by appointment only, during normal office hours. Alternatively, you can arrange a Lolly Labs visit to your premises. Contact us to learn more.

Where can I see new products before they're released?

You can either arrange a visit to Lolly Labs or keep an eye on our blog and social media accounts to read about upcoming launches.

Does Lolly develop new products in-house?

Yes, we have our own R&D team, constantly working on new and innovative solutions to make catering and hospitality simpler and easier.

Can I make suggestions for new products?

Yes, we're always interested to hear from our users on the new technology or software they'd like to see as part of the Lolly range of solutions. Feel free to drop us a line with any ideas.