Security & Compliance at Lolly

Certifications & Frameworks

At Lolly, protecting your data and ensuring operational integrity are at the core of everything we do. All customer data is securely stored on UK-based servers, fully compliant with the UK General Data Protection Regulation (UK GDPR). Our infrastructure is built with security by design—featuring encryption, continuous monitoring, and robust access controls. We go beyond compliance to deliver peace of mind through transparency, resilience, and proactive risk management.

ISO/IEC 27001:2022

Information Security Management  

We align with ISO/IEC 27001:2022, the global standard for information security, ensuring our systems and policies protect data confidentiality, integrity, and availability.

ISO 9001:2015

Quality Management

Our ISO 9001:2015 certification reflects our commitment to continuous improvement and consistent delivery of high-quality services.

ISO 14001:2015

Environmental Management  

We operate sustainably and responsibly, with ISO 14001:2015 compliance guiding our efforts to reduce environmental impact.

PCI DSS v4

Payment Security

Lolly is fully compliant with PCI DSS v4 across physical and e-commerce channels. We conduct annual QSA assessments, maintain an Attestation of Compliance (AoC), and use Point-to-Point Encryption (P2PE) for secure transactions.

Cyber Essentials & Cyber Essentials Plus  

We are certified under both Cyber Essentials and CE+, demonstrating strong, independently verified protection against common cyber threats.

Security Practices

Penetration Testing

We conduct regular third-party penetration testing across our web and app platforms, including retesting to ensure vulnerabilities are resolved.

Third-Party Risk Management  

Our vendors undergo strict vetting and annual reviews. We assess PCI DSS relevance and enforce ongoing due diligence to maintain data security.

Internal Controls & Governance

Access Controls

Role-based access and multi-factor authentication protect sensitive systems and data.  

Change Management

All changes follow documented procedures, including code reviews and environment separation.

Security Audits

Regular internal and external audits help us stay compliant and continuously improve.

Training & Awareness

All staff receive annual security training, with onboarding sessions for new hires.

Frequently Asked Questions

When is Lolly Labs open for visitors?

We welcome visitors by appointment only, during normal office hours. Alternatively, you can arrange a Lolly Labs visit to your premises. Contact us to learn more.

Where can I see new products before they're released?

You can either arrange a visit to Lolly Labs or keep an eye on our blog and social media accounts to read about upcoming launches.

Does Lolly develop new products in-house?

Yes, we have our own R&D team, constantly working on new and innovative solutions to make catering and hospitality simpler and easier.

Can I make suggestions for new products?

Yes, we're always interested to hear from our users on the new technology or software they'd like to see as part of the Lolly range of solutions. Feel free to drop us a line with any ideas.
