Whether you're a data owner or supplier, DataSeal is an accessible, achievable and cost-effective way to show you have the right information security measures in place.
DataSeal is the only recognised standard for information security management systems other than ISO 27001.
This private standard is available to DMA members and non-members.
You can find out more by emailing dataseal@dma.org.uk or calling 020 7291 3300. If you have a specific question, contact
Tej Daffu, Head of Membership at the DMA.
DataSeal sets out performance requirements for:
- Risk assessment
- Management responsibility
- Traceability and responsibility of data
- Acceptable use
- Access control
- Passwords
- Virus/spy prevention
- Internet/network security
- System/server security
- Back-ups
- Data storage and elimination
- Outsourcing
DataSeal Assessment Criteria
Find out which security requirements your organisation needs to implement with regards to client data to achieve DataSeal certification.
DataSeal provides an accessible, achievable and cost-effective route to demonstrate that you have implemented appropriate information security measures for your business.
The DataSeal standard is defined in the
Assessment Criteria document, setting out performance levels for:
- risk assessment
- management responsibility
- traceability
- responsibility
- acceptable use
- access control
- passwords
- virus/spy prevention
- internet/network security
- system/server security
- back-ups
- data storage and elimination
- outsourcing
To apply for DataSeal certification, download an application form here.
Risk Assessments
Learn how to compile an information security risk register. Use our risk register template to record risk assessments made by your organisation.
One of the fundamental requirements of the Assessment Criteria is to undergo a rigorous risk assessment process.
One of the outputs from any risk assessment process is the compilation of an information security risk register. Once created, this should be maintained as a live database that holds summary details of all identifiable risks in an organisation, together with their analysis and the plans for their control, management or elimination.
The creation of a risk register will also enable you to create a prioritised list of security risks for your organisation and put into effect appropriate countermeasures and ongoing review processes.
Risk assessment template
Please click here to access an Excel copy of a Risk Assessment template. This template can then be downloaded onto your PC and used to record any number of risk assessments made by your organisation using the rows provided. The first row has been filled in as an example for you. By hovering your mouse over the corner of the columns, you will see an explanation of each column heading.
Additional guidance
Once you compiled your risk assessment register, you will want to rate the relative priorities of each identifiable risk. The Risk Tolerance Matrix can act as a useful guide in this.
Please also refer to the Risk classification guidance notes when consulting the matrix.
To apply for DataSeal certification, download an application form here.
Self Assessment Tool
Use our tool to see how your organisation is performing against the DataSeal standard. It's a quick, simple excel-based questionnaire.
Find out how your organisation is currently performing against the DataSeal standard with the Self Assessment Tool.
Please click here to access the DataSeal self-assessment tool. This is a quick, simple Excel-based questionnaire, which has been devised by our data security consultants to provide you with a preliminary guide as to how your organisation is currently performing against the DataSeal standard, and identify possible areas for focus before you take the step of applying or seeking further consultancy.
Please note this self-assessment tool is to be used for guidance purposes only. A strong score in the self-assessment is no guarantee that DataSeal certification will be awarded should you apply for the standard.
To apply for DataSeal certification, download an application form here.
How to apply
A step-by-step guide to applying for DataSeal certification.
Please follow the steps below should you wish to apply for DataSeal certification.
1. Read the Assessment Criteria and be confident that you have implemented and tested any required changes to your information security practices and procedures. If you are not confident that your company would pass an audit, then it might be worth considering engaging a data security consultant to help you prepare for certification.
2. Make sure you read and understand the application terms and conditions
3. Print out and complete the application form
4. Enclose the completed application form and a cheque for the appropriate initial application fee made payable to 'The Direct Marketing Association (UK) Ltd':
Initial application fee: £500 + VAT
and post to:
DataSeal
Compliance Team
DMA (UK) Ltd
70 Margaret Street
London
W1W 8SS
Alternatively, you can email your application to dataseal@dma.org.uk
If you do not wish to pay by cheque, please contact the DMA compliance team who can arrange an alternative method of payment.
Please note: If your organisation has already achieved ISO 27001 certification through a UKAS-approved certification body, then you will be eligible for automatic DataSeal certification. Please also enclose a copy of your current ISO 27001 certificate with your application form.
Once step 4 has been completed, the path to DataSeal certification begins. When the DMA Compliance team has received your application document(s), you will be issued with an invoice.
Pre Audit & Audit
Registration fee £500
£4,000 Member £5,000 Non Member
Typically 1 day on site and 1 day for the report (for each audit)
Excludes auditor expenses
Audit Only
Registration fee £500
£2,000 Member £2,500 Non Member
Renewal of accreditation
Registration fee £500
£1,500 Member £1,750 Non Member
Organisations with ISO 27001
Once certificate has been verified a yearly fee of £500 will apply
All the above prices are subject to VAT
To apply for DataSeal certification, download an application form here.
Frequently asked questions
Is DataSeal certification applicable to my company?
Data sits at the core of marketing activity. If your organisation is involved in the use, storage or transfer of personal data, DataSeal is applicable to you.
What are the benefits of DataSeal for one-to-one marketing services suppliers?
The DMA will actively promote DataSeal to users of marketing services as a prerequisite when selecting service providers. DataSeal certification will give your organisation the advantage over your non-certified competitors. You will also gain significant professional benefits from becoming DataSeal certified because it will:
- minimise your organisation's risk of data loss or misuse
- minimise your organisation's risk of adverse publicity and the subsequent loss of clients and revenue
- provide your prospective clients with instant assurance that you have in place a robust approach to managing and protecting consumer data
What are the benefits of DataSeal for brands and one-to-one marketing clients?
DataSeal will provide you with a rigorous set of security controls for your own business to provide peace of mind for your customers to share their details with your company.
Becoming DataSeal certified will help to minimise your risk of:
- data loss or misuse
- adverse publicity
- brand damage
Accredited Members
Acxiom Ltd
Adestra
CACI Ltd
Callcredit Marketing Solutions
DLG
DST Applied Analytics
Inc Direct
Mosaic Fulfilment Solutions Ltd
MRM Meteorite
ONE POST – Postal Choices Ltd
PDV Ltd
Prophecy Unlimited
Pulse Environmental Limited
Pureprint Group Limited
Rapp UK Response One Ltd
REaD Group
Royal Mail Address Management Unit
Royal Mail Data Services
Royal Mail MarketReach
Please login to comment.
Comments