Access Intelligence Trust Centre

Security & Compliance | ISO 27001 | Third-Party Risk Assessments | GDPR | Sub-Processors

The Access Intelligence Group, based in the UK,  has achieved the ISO/IEC 27001 certification. This is an international standard for Information Security Management that demonstrates an ongoing commitment to apply the most rigorous risk management model to protect information and data belonging to both the Group and its clients.

ISO-IEC-27001-CertificationThe standard forms the basis for effective management of confidential information and the application of information security controls. It recognises an ongoing commitment to review systems and suppliers, identify risks, assess implications and put controls in place for data security. This includes auditing all systems, information assets, operational processes, legal and regulatory requirements, and an ongoing training programme to strengthen the organisation’s expertise in risk management and data security.

ISO 27001 recognises the Group’s exceptional standards in data management and security. This benefits all clients who can rely on the company’s ability to store and process sensitive data in a secure way underpinned by robust systems, increased business resilience, and improved management processes.

Access Intelligence ISO 27001 Certificate
More about ISO 27001

InfoSec Policies

When applying risk treatments to mitigate risk we can apply technical controls (to control technology) or policies (to control people).

Our Information Security Policy (see ISDL01) and other supporting policies are described below:

– Download ISDL01 Access Intelligence ISMS Information Security Policy
– Download ISDL325 Access Intelligence ISMS Scope
– Download ISDL09 Access Intelligence ISMS Management Review Policy
– Download ISDL14 Access Intelligence ISMS Internal Audit Policy
– Download ISDL13 Access Intelligence ISMS Data Protection Policy
– Download ISDL390 Access Intelligence ISMS Statutory Regulatory and Contractual Compliance Policy

Protecting Our Assets

Information is stored in various assets and supporting assets.

Our ISMS contains a comprehensive Inventory of Assets which identifies the dedicated owner for each. Asset Owners ensure that all information assets are protected, maintaining their confidentiality, integrity and availability.

Access to information assets is always restricted to the minimum required to undertake authorised business activities.

All assets and supporting assets are regularly reviewed. Risk Assessments are carried out based on our risk assessment methodology.

Control objectives from ISO 27001 are recorded in the Information Security Management System (ISMS), including our Statement of Applicability (SoA) to show which security controls have been selected to mitigate any identified risks.

– Download ISDL05 Access Intelligence ISMS Asset Management Policy
– Download ISDL07 Access Intelligence ISMS Access Control Policy
– Download ISDL52 Access Intelligence ISMS Information Classification and Handling Guide
– Download ISDL31 Access Intelligence ISMS Information Security Manual

Investing in Our People

Everyone at Access Intelligence understands their role and responsibilities for Information Security. These are clearly written in each policy.

We have an ongoing training and education programme where all colleagues regularly refine their knowledge.

– Download ISDL10 Access Intelligence ISMS Roles and Responsibilities
– Download ISDL02 Access Intelligence ISMS Information Security Training Policy
– Download ISDL03 Access Intelligence ISMS Password Management Policy
– Download ISDL06 Access Intelligence ISMS Acceptable Use Policy
– Download ISDL16 Access Intelligence ISMS Clear Desk Policy
– Download ISDL30 Access Intelligence ISMS Mobile and Personal Device Policy
– Download ISDL55 Access Intelligence ISMS Employee Screening Policy
– Download ISDL53 Access Intelligence ISMS Adding Information Security Responsibilities into JD

Product Development

We encourage our clients, vendors and security partners to be part of our next steps and future plans. As a result, our products are constantly improving.

We minimise risks during development by training our developers to follow coding standards, OWASP recommendations and implement several stages of review for each code change.

Our products are hosted in the cloud and we conduct regular compliance checks for all of our suppliers.

Privileged access is monitored, encryption and MFA are in place where possible, code is under version control and all data is regularly backed up.

We regularly review our processes and aim to continually improve by following Agile methodologies.

– Download ISDL77 Access Intelligence ISMS Secure Development Policy
– Download ISDL54 Access Intelligence ISMS Change Management Policy
– Download ISDL11 Access Intelligence ISMS Data Encryption Policy
– Download ISDL19 Access Intelligence ISMS Supplier Security Management Policy

Handling Incidents

If Access Intelligence was ever to suspect or suffer a loss of confidentiality (e.g. data leak), integrity (e.g. website hack) or availability (e.g. service is down) the Information Security Manager would be alerted immediately.

All security incidents are recorded in the ISMS with an Incident Manager identified. Each incident is treated as a priority and communicated accordingly.

We maintain a robust Disaster Recovery Plan for production services and platforms and run frequent vulnerability scans with annual third-party penetration tests.

Everything feeds back into the ISMS for continuous development of our security controls.

– Download ISDL04 Access Intelligence ISMS Information Security Incident Management Policy
– Download ISDL08 Access Intelligence ISMS Business Continuity Policy

Get in Touch

You may know us as Access Intelligence, Isentia, Pulsar, Vuelio or ResponseSource but we are the same people behind each platform. 

If you’ve discovered a vulnerability in one of our products, please don’t share it publicly. Instead, please report this to us: [email protected] or for anything else: [email protected]