ISO 27001 Aligned

Security Whitepaper

Our commitment to protecting your information. This document outlines our security practices, controls, and compliance measures.

Key Security Measures

End-to-end encryption for data in transit (TLS 1.3)
Encryption at rest for all stored data (AES-256)
Multi-factor authentication for all administrative access
Regular vulnerability scanning and penetration testing
Employee security awareness training
Access control based on the principle of least privilege
Continuous monitoring and logging of security events
Annual third-party security audits

Information Security Management

Our information security management system (ISMS) is designed and operated in alignment with ISO/IEC 27001:2022 requirements.

We maintain comprehensive security policies covering all aspects of information handling, from data classification to incident response.

Regular security assessments and penetration testing ensure our controls remain effective against evolving threats.

Data Protection & GDPR Compliance

As a UK-based consultancy, we fully comply with the UK GDPR and the Data Protection Act 2018.

We process personal data lawfully, fairly, and transparently, collecting only what is necessary for our legitimate business purposes.

Data subjects have full rights over their personal data, including access, rectification, erasure, and portability.

We maintain detailed records of processing activities and conduct regular data protection impact assessments.

ISO 27001 Alignment

Our security controls are aligned with Annex A of ISO/IEC 27001:2022, covering all 93 controls across organisational, people, physical, and technological domains.

We maintain a comprehensive Statement of Applicability documenting our control implementation status.

Internal audits are conducted annually to verify ongoing compliance and identify improvement opportunities.

Third-Party Security

All suppliers and partners undergo security assessment before engagement.

We maintain vendor risk management processes to monitor ongoing supplier security posture.

Contractual arrangements include appropriate security requirements and data processing agreements.

Incident Response

We maintain a documented incident response plan with clear escalation procedures.

Security incidents are reported, investigated, and resolved in accordance with regulatory timeframes.

Post-incident reviews drive continuous improvement of our security controls.

Business Continuity

Business continuity and disaster recovery plans ensure service availability.

Critical systems and data are regularly backed up with tested restoration procedures.

Our cloud infrastructure provides resilience through geographic redundancy.

Security Questions?

For security-related inquiries or to request our full security documentation, please contact us.