UKAS Certified ISO 27001:2013
Alliantist, the organisation behind ISMS.online, is UKAS certified for ISO 27001:2013. That scope covers our whole organisation, the people in it and our services including ISMS.online.
In terms of the supply chain, our data centre partners are also world class and hold the same or equivalent accreditations. Data is stored in UK data centres. Where required, other suppliers also have their own certified ISMS or follow our policies and controls.
Pan UK Government Accreditation and PSN Certification
Alliantist also delivers services to meet high levels of information security, which means our overall practices go beyond the scope of ISO 27001. In fact, Alliantist was the only supplier of its type that achieved Pan UK Government Accreditation for its government clients when that was required for early GCloud frameworks. We still work to those high standards and hold PSN Certification.
We have also met the requirements for the original HMG Security Policy Framework and the related policies and controls as part of the pan-government accreditation of another product in the Alliantist suite, the pam platform. These include undertaking Baseline Personnel Security Standard (BPSS) checks and other vetting on new hires in addition to the other UKAS certified ISO 27001:2013.
We follow the UK Information Commissioner’s Office (ICO) checklists for the General Data Protection Regulation and Data Protection Act 2018. These are a comprehensive set of 120 activities that demonstrate that we handle personal data responsibly and in accordance with the law.
ISMS.online offers 2-factor authentication (2FA) for its customers. All Alliantist staff also operate with 2FA on (where offered) for all services they need to deliver and support ISMS.online.
Single Sign-On (SSO)
ISMS.online supports Single Sign-On using SAML 2.0 and our list of supported identity providers is ever-growing. Examples of supported identity providers include Google, Microsoft Azure Active Directory and Okta.
The platform undergoes at least an annual penetration test in line with CHECK testing standards and also has further tests whenever there is a material change.
ISMS.online has also been rated A+ by independent checks using the Qualys review process for the SSL inspection.
In the unlikely event that things go wrong, you can be confident that we have insurance for Professional Indemnity for Technology Companies, Public and Products Liability, Employers’ Liability, as well as Cyber and Data Crisis Containment.
The organisation has achieved Cyber Essentials certification in line with the IASME standard.