Access Intelligence Trust Centre



ISO 27001

The Access Intelligence Group (UK) has achieved ISO/IEC 27001 certification. This is an international standard for Information Security Management that demonstrates an ongoing commitment to apply the most rigorous risk management model to protect information and data belonging to both the Group and its clients.

Cfa have audited Access Intelligence to UKAS requirements of ISO 27001

The standard forms the basis for the effective management of confidential information and the application of information security controls. It recognises an ongoing commitment to review systems and suppliers, identify risks, assess implications and put controls in place for data security. This includes auditing all systems, information assets, operational processes, legal and regulatory requirements, and an ongoing training programme to strengthen the organisation’s expertise in risk management and data security.

ISO 27001 recognises the Group’s exceptional standards in data management and security. This benefits all clients, who can rely on the company’s ability to store and process sensitive data securely, underpinned by robust systems, increased business resilience, and improved management processes.

– Download Access Intelligence’s ISO 27001 Certificate
– Download Statement of Applicability
– Read more about ISO 27001

GRC

Governance, Risk, and Compliance (GRC) is a structured way to align IT with business objectives whilst managing risks and complying with legal obligations. It includes tools and processes to unify an organisation’s governance and risk management with its technological innovation and adoption. Access Intelligence uses GRC to achieve organisational goals reliably, remove uncertainty, and meet compliance requirements.

Information Security Governance

How an organisation aligns its activities, processes, structures, and policies with business objectives.

Our Information Security Policy is available for review below. The policy contains Security Control requirements (ISDL references below):
Download Access Intelligence Information Security Policy v6

All information security policies are approved by senior management and reviewed through a programme of internal and external audits:
– Management Review (ISDL09)
– Internal Audit (ISDL14)

Information Assets

Information is stored in various assets and supporting assets.

Our ISMS contains a comprehensive Inventory of Assets which identifies the dedicated owner for each. Asset Owners ensure that all information assets are protected, maintaining their confidentiality, integrity and availability.

Access to information assets is always restricted to the minimum required to undertake authorised business activities.

All assets and supporting assets are regularly reviewed. Risk Assessments are carried out based on our risk assessment methodology.

Control objectives from ISO 27001 are recorded in the Information Security Management System (ISMS), including our Statement of Applicability (SoA) to show which security controls have been selected to mitigate any identified risks.

– Asset Management (ISDL05)
– Access Control (ISDL07)
– Information Classification and Handling (ISDL52)

Our People

Everyone at Access Intelligence understands their role and responsibilities for Information Security. These are clearly written in each policy.

We have an ongoing training and education programme where all colleagues regularly refine their knowledge.

– Information Security and Data Protection Training (ISDL02)
– Adding policy compliance into job descriptions (ISDL53)
– Acceptable Use (ISDL06)
– BYOD Policy (ISDL30)
– Password Management (ISDL03)
– Clear Desk and Clear Screen (ISDL16)
– Employee Screening (ISDL55)
– Information Security Roles & Responsibilities (ISDL10)

Product Development

We encourage our clients, vendors and security partners to be part of our next steps and future plans. As a result, our products are constantly improving.

We minimise risks during development by training our developers to follow coding standards and OWASP recommendations, and by implementing several stages of review for each code change.

Our products are hosted in the cloud and we conduct regular compliance checks for all of our suppliers.

Privileged access is monitored, encryption and MFA are in place where possible, code is under version control and all data is regularly backed up.

We regularly review our processes and aim to continually improve by following Agile methodologies.

– Secure Development (ISDL77)
– Encryption (ISDL11)
– Supplier Management (ISDL19)
– Change Management (ISDL54)

Handling Incidents

If Access Intelligence were ever to suspect or suffer a loss of confidentiality (e.g. data leak), integrity (e.g. website hack) or availability (e.g. service is down) the Information Security Manager would be alerted immediately.

All security incidents are recorded in the ISMS with an Incident Manager identified. Each incident is treated as a priority and communicated accordingly.

We maintain a robust Disaster Recovery Plan for production services and platforms and run frequent vulnerability scans with annual third-party penetration tests.

Everything feeds back into the ISMS for the continuous development of our security controls.

– Incident Management (ISDL04)
– Business Continuity (ISDL08)

Risk

A sustained process of addressing risks, mitigating risks through controls, and providing assurance that the risks are managed according to policies. This includes measurement of risk, assessment, retention, monitoring, and identification.
– Risk Management (ISDL31)

Compliance

Ensuring that activities within an organisation operate in a way that is aligned with laws and regulations.
– Legal Compliance (ISDL390)
– Data Protection (ISDL13)
GDPR Compliance

Get in Touch

You may know us as Access Intelligence, Isentia, Pulsar, Vuelio or ResponseSource but we are the same people behind each platform.

If you’ve discovered a vulnerability in one of our products, please don’t share it publicly. Instead, please report this to us: [email protected] or for anything else: [email protected]