At EVO, we work to provide the highest levels of operational security, integrity, and resiliency to our customers.

Our Technology Subcommittee reports to our Audit Committee and facilitates board-level oversight with regard to risks related to technology, information security, cybersecurity, data privacy, disaster recovery, and business continuity. The Technology Subcommittee receives regular reports from our Chief Information Officer on the Company’s cyber-risk profile and information security initiatives. Our executive leadership team also receives regular communications on these topics as well as any event exceeding certain cyber-risk tolerances.

EVOs cybersecurity strategy and program take into account requirements and relevant best practices from frameworks such as the Payment Card Industry Data Security Standard (PCI-DSS), ISO 27002, and NIST 800-53 and Trust Services Principles (Security, Availability, Processing integrity, Confidentiality and Privacy).

Our cybersecurity philosophy is based on education and awareness and vigilance.
  • Education and Awareness – Our dedicated cybersecurity team establishes and monitors standards, policies and operational processes while advising and educating our stakeholders to elevate proper respect and adherence to data privacy, controls and practices.
  • On a continual basis, we raise general security knowledge for all parties that interact with our information, services and systems. Our cybersecurity program ensures that stakeholders receive security awareness training at least once a year and periodically publishes security tips and techniques in our intranet and periodic regional phishing campaigns. We also focus in educating our development teams on techniques and practices to reduce defects in the final product. In addition, we integrate automated code validation tools and white-hat application testing as part of this process. We invite partners and experts to share with us the latest technology trends and attack vectors.
  • Vigilance – We continuously test and monitor to identify and remediate potential security weaknesses in our global footprint. We analyze cybersecurity trends and their potential impact on our environment over a period of time, allowing us to strengthen EVO’ s digital defense using a combination of technology, operations and policies to disrupt and deter malicious activity.

EVO has a dedicated 24/7 Security Operations Center that monitors our global “EVO Secure” platforms and telemetry. In the event this team detects or receives notice of an out of tolerance event, they are empowered to call our Cyber-defense Security Incidence Response team to investigate and determine the nature of the event and to direct or recommend pertinent next steps.

Our dedicated cybersecurity team attends annual security trainings, intranet based cybersecurity posture “tidbits” and monthly simulations to ensure our team understands the “look and feel” of real world situations.

We team up with third party industry experts and regulators to regularly assess EVO’ s cybersecurity program implementation and techniques regionally and globally for alignment with regulatory requirements and risk management assertions. EVO’s cybersecurity program supports the full EVO ecosystem through industry partnerships, regulatory compliance, and strategic investments.

To protect the resiliency and robustness of our services and partnerships; EVO regularly maintains and validates a companywide Business Resiliency and Disaster Recovery Program. This helps us ensure appropriate levels of business continuity and service levels are in place during adverse situations. In addition to the traditional backup and restore systems model, we have regional and geographically dispersed data centers supporting business defined requirements.

Our approach to privacy and data protection processes and practices are grounded in our belief that customers own their own data. Our privacy principles include a commitment to be transparent in our practices, offer meaningful privacy choices, comply with all of our regulatory obligations and responsibly manage the data we store, process or transmit.

The Securities and Exchange Commission (SEC) has not promulgated any rules about the presentation of, or metrics related to, certain ESG matters. Accordingly, the information we present may not be directly comparable to that presented by other companies. The information presented on this webpage often is based on statistics or metrics that are estimates, makes assumptions based on developing standards that may change, and provides aspirational goals that are not intended to be promises or guarantees. Accordingly, investors should not place undue reliance on the information set forth in this section of our website.

EVO periodically reviews and updates the content of this website. EVO reserves the right to revise or modify any information, programs or benefits in its sole discretion. Certain of the information included in this website is dated. In such cases, the statements speak only as of the date thereof. We undertake no obligation to update any of these statements to reflect events or circumstances after their date or to reflect actual outcomes, unless required by law. Accordingly, any person or candidate should not rely upon the content of this site as the most current information regarding EVO’s internal policies.

EVO Payments Inc. is an equal opportunity employer, committed to the hiring, advancement and fair treatment of individuals without regard to race, color, religion, gender, sexual preferences, age, national origin, ethnicity, disability or veteran status, or any other protected status designated by federal, state, or local law.