We practice what we preach
We understand the importance of information security, and treat your data as we do our own.
UKAS Accredited ISO 27001: 2013
Alliantist, the organisation behind ISMS.online, is UKAS accredited ISO 27001: 2013, (registration number ISM 1012806). Our key data centre partners have the same or equivalent accreditations too and all customer information is hosted in the UK at these secure data centres.
Cloud Security Principles
We follow the Cloud Security Principles.
2 Factor Authentication
We operate a secure 2 factor authentication process on ISMS.online.
HMG Security Policy Framework
We have also met the requirements for the original HMG Security Policy Framework and the related policies and controls as part of the pan-government accreditation of our sister product, Official: Sensitive pam platform. These include undertaking Baseline Personnel Security Standard (BPSS) in addition to the UKAS certified ISO 27001:2013.
Our sister product, pam for secure government networks achieved PSN accreditation when that was a service offered by CESG. This determined pam as ready for use for all government departments having undergone extensive penetration testing to exacting CESG standards, beyond what a local accreditor would anticipate. pam is the only service of its type to have achieved this level of confidence and assurance.
The ISMS.online platform undergoes at least an annual penetration test in line with CHECK testing standards and also has further tests whenever there is a material change.
ISO 27017 – Cloud Security & ISO 27018 – Cloud Privacy
We are currently enhancing our UKAS Certified ISO 27001:2013 with additional investments against these standards with a view to attaining full compliance during the 2017/18 financial year.
Having also achieved the highest levels of pan-government accreditation as part of our G-Cloud framework position it means that agencies and their partners can trust the environment and quickly adopt the platform to get early benefits. It also saves the agencies themselves spending weeks or months of cost locally accrediting it (unless they want to operate beyond OFFICIAL SENSITIVE). We are also one of the few services that have received PSN Accreditation overall. This version of pam runs exclusively over the secure government networks PSN, PSN-P, GSI, GCSX, and PNN.
If you would like a full list of our security credentials, please get in touch.