Our Security

Our Information Security

As you might imagine, we take our own information security very seriously. We operate a management system that is compliant with ISO27001:2013 and ISO9001:2008 (the Quality Management standard) and is externally certified by the UKAS-accredited certification body British Assessment Bureau. We are also certified to Cyber Essentials Plus.

ISO27001 logo

We go to great lengths to protect the data we hold; there really is nothing like practising what you preach.

In keeping with our no-nonsense approach, we have five data classification levels:

Public

Anyone can see it.

Internal

Just for staff.

Confidential

Named staff members only.

Commercial in confidence

Client-related data that we would prefer was not shared, such as pricing and proposals.

Client Confidential

The biggie: client data that comes from engagements. This is always encrypted at rest and is never transferred over public networks without encryption. Once an engagement finishes, the data is checked into an archive that is encrypted using the public key from a specially protected key pair, so only the holder of the corresponding private key can recover it.

Third Party Security

Like most businesses these days, we make use of a number of third-party platforms to help us run our business, including accounting, CRM and web hosting. Each of these is assessed in line with our ISMS due diligence procedures, and is used to store information relating to our company or our clients only once it has passed that assessment.

Our Applications

We run a number of public-facing applications and systems, including this website. If anyone discovers or suspects a security vulnerability in one of these, they are invited to contact us via our Security Mailbox, using our PGP public key to encrypt the message. We will review the information submitted and respond accordingly. Your responsible disclosure is very much appreciated.