Our Information Security
As you might imagine, we take our own information security very seriously. We operate a management system that is compliant to ISO27001:2013 and ISO9001:2008 (the Quality Management standard) and is externally certified by the UKAS accredited company British Assessment Bureau. We are also certified to Cyber Essentials Plus.
We go to extreme lengths to protect the data we hold, there really is nothing like practicing what you preach!
In keeping with our no nonsense approach we have five data classification levels:
Anyone can see it
Just for staff
Named staff members only
Commercial in confidence
Client-related data that we'd prefer wasn't shared. Things like pricing and proposals.
The biggie. Client data that comes from engagements. This is always encrypted at rest, never transferred over public networks without encryption and once an engagement finishes, the data is checked into an archive that is encrypted using the public key from a specially protected key pair.
Third Party Security
Like most businesses these days, we make use of a number of third party platforms to help us run our business including Accounting, CRM and web hosting. Each of these is assessed in line with our ISMS due diligence procedures and is only used to store information related to either our company or our clients once it has passed.
We run a number of public-facing applications and systems, including this website. If anyone discovers or suspects there may be a security vulnerability in one of these, they are invited to contact us via our Security Mailbox and use our PGP public key in order to encrypt the message. We will review the information submitted and react accordingly. Your responsible disclosure is very much appreciated.