MyCustomsInfo® - Customs Compliance Platform
MyCustomsInfo®

Trust & Compliance Credentials

The evidence behind every claim we make

Customs data is sensitive commercial intelligence. This page consolidates our security architecture, regulatory credentials, and operational principles so your procurement and information security teams have everything in one place.

Per-tenant data isolationISO 27001:2022 pathCBP HQ H350722 validatedICO registeredFull NDA & DPA from day one

Security Architecture

Four pillars protecting your customs data from ingestion to output.

Per-Tenant Data Isolation

Every client operates in a dedicated, isolated database environment. Your declarations, origin certificates and broker worksheets are never co-mingled with another importer’s data.

How our architecture works

AWS KMS Customer-Managed Keys

All data encrypted at rest using AWS Key Management Service with customer-managed keys (CMK). Encryption in transit via TLS 1.2+. You retain control of your encryption keys.

View security details

ISO 27001:2022 Certification Path

All 93 Annex A controls mapped. ISMS documented. CREST-certified penetration testing in place. Stage 1 audit scheduled Q3 2026, certification target Q4 2026.

View ISO roadmap

UK GDPR Article 28 Compliant

Full Data Processing Agreement available from day one. Sub-processor list on request. Data residency in your jurisdiction: eu-west-2 (UK/EU), us-east-1 (US).

Data governance policy

Regulatory Credentials

Every claim on this site is backed by a published ruling, a documented process, or a verifiable registration.

US CBP Rulings

HQ H272798 (January 2017)

Confirms third-party compliance software may be used to audit customs entries without holding a customs broker licence, provided the software does not prepare, file, or submit entries to CBP.

HQ H350722 (January 2026)

Reaffirms and extends HQ H272798. Confirms compliance auditing tools operating under a Software-as-a-Service model remain permissible under 19 USC §1641 when the licensed broker retains all filing authority.

19 USC §1641 Compliance

Independent Compliance Auditor

MyCustomsInfo® identifies duty recovery opportunities. Your licensed customs broker acts on our findings. We never prepare, file, or submit anything to CBP. We identify. Your broker acts.

UK & EU Regulatory

ICO Registration

Registered with the UK Information Commissioner’s Office for data processing activities related to customs compliance auditing and duty recovery.

AEO Posture

Platform architecture and access controls designed to support Authorised Economic Operator (AEO) status requirements for clients holding or pursuing AEO certification.

Operational Principles

Data encrypted in transit (TLS 1.2+) and at rest (AES-256 via AWS KMS CMK)

Strictly authorised human access only — every interaction logged and traceable

Mutual NDA and Data Processing Agreement from day one of every engagement

Data residency guaranteed in your jurisdiction — UK, EU, or US hosting regions

Minimal data retention by design — we don’t keep more than we need

Annual penetration testing by CREST-certified provider with remediation SLAs

What MyCustomsInfo® Does — and Does Not Do

What We Do

  • • Audit customs entries against source documents
  • • Identify duty recovery opportunities across regimes
  • • Produce structured findings with recommended actions
  • • Quantify overpayment exposure per entry and per regime
  • • Deliver audit packs to your licensed customs broker

What We Never Do

  • • Prepare, file, or submit entries to CBP
  • • Determine or confirm HTS classifications
  • • Act as your customs broker
  • • Complete CBP Form 5106 or drawback claims
  • • Make decisions that require a broker licence

Authority: CBP HQ H272798 (2017), HQ H350722 (2026), 19 USC §1641. See our full compliance statement.

Team Credentials

Every member of the MyCustomsInfo® team holds formal certification from the Chartered Institute of Export & International Trade (CIET) at Level 4 or Level 5.

DM

Dominic McGough

Founder & CEO

CIET Level 5
SM

Sally McGough

Operations Director

CIET Level 5
KKT

Kian Keong Tan

Senior Customs Analyst

CIET Level 4
MM

Mary McGough

Compliance & Training Lead

CIET Level 4
CA

Conor Anderson

Trade Compliance Specialist

CIET Level 5

Meet the full team

Detailed Documentation

Each area of our trust framework is documented in detail. Share these pages directly with your procurement, legal, or information security teams.

Data Architecture

Per-tenant isolation, blast radius containment, zero data co-mingling

Data Governance

Hosting regions, residency commitments, ISO 27001 roadmap

Data Security

AWS infrastructure, access controls, encryption standards

Confidentiality

Why we don’t publish case studies and require mutual NDAs

Compliance Statement

CBP HQ H350722 — formal US regulatory compliance statement

Implementation Guide

30-day onboarding roadmap: data handling, legal pack, effort split

Need more detail for your procurement team?

We provide a full information security pack on request: Data Processing Agreement, sub-processor list, architecture overview, and penetration test summary. Available under mutual NDA.

Book a Compliance ReviewRequest Security Pack

+44 151 808 0103 (UK) · +1 (312) 728-4277 (US) · [email protected]

US Regulatory Notice. MyCustomsInfo® is an independent compliance auditor. It does not conduct customs business as defined under 19 U.S.C. §1641. The specific tariff classification to be applied to any entry of merchandise is to be determined by a licensed Customhouse broker. MyCustomsInfo® output does not constitute entry preparation, classification advice, or customs broker services. Preparation and filing of Post-Entry Amendments, Post-Summary Corrections, protests, and drawback claims must be performed by a licensed customs broker. US broker records are held in US AWS regions in compliance with 19 C.F.R. §111.23. Primary authority: CBP HQ H272798 (January 2017). Supporting authority: CBP HQ H350722 (January 2026).