Access Intelligence Trust Centre

Security & Compliance | InfoSec Policies | Third-Party Risk Assessments | GDPR | Sub-Processors | Corporate Governance


ISO 27001

The Access Intelligence Group (UK),  has achieved the ISO/IEC 27001 certification. This is an international standard for Information Security Management that demonstrates an ongoing commitment to apply the most rigorous risk management model to protect information and data belonging to both the Group and its clients.

Cfa have audited Access Intelligence to UKAS requirements of ISO 27001

The standard forms the basis for the effective management of confidential information and the application of information security controls. It recognises an ongoing commitment to review systems and suppliers, identify risks, assess implications and put controls in place for data security. This includes auditing all systems, information assets, operational processes, legal and regulatory requirements, and an ongoing training programme to strengthen the organisation’s expertise in risk management and data security.

ISO 27001 recognises the Group’s exceptional standards in data management and security. This benefits all clients who can rely on the company’s ability to store and process sensitive data in a secure way underpinned by robust systems, increased business resilience, and improved management processes.

– Download Access Intelligence’s ISO 27001 Certificate
– Download Statement of Applicability (ISDL79)
– Read more about ISO 27001

GRC

Governance, Risk, and Compliance (GRC) is a structured way to align IT with business objectives whilst managing risks and complying with legal obligations. It includes tools and processes to unify an organisation’s governance and risk management with its technological innovation and adoption. Access Intelligence uses GRC to achieve organisational goals reliably, remove uncertainty, and meet compliance requirements.

Information Security Governance

How an organisation aligns it activities, processes, structures, and policies with business objectives.

Our Information Security Policy and other supporting policies are described below:
– Download Access Intelligence ISMS Information Security Policy (ISDL01)
– Download Access Intelligence ISMS Scope (ISDL325)

All information security policies are approved by senior management and reviewed through a program of internal and external audits:
– Download Access Intelligence ISMS Management Review Policy (ISDL09)
– Download Access Intelligence ISMS Access Intelligence ISMS Internal Audit Policy (ISDL14)

Information Assets

Information is stored in various assets and supporting assets.

Our ISMS contains a comprehensive Inventory of Assets which identifies the dedicated owner for each. Asset Owners ensure that all information assets are protected, maintaining their confidentiality, integrity and availability.

Access to information assets is always restricted to the minimum required to undertake authorised business activities.

All assets and supporting assets are regularly reviewed. Risk Assessments are carried out based on our risk assessment methodology.

Control objectives from ISO 27001 are recorded in the Information Security Management System (ISMS), including our Statement of Applicability (SoA) to show which security controls have been selected to mitigate any identified risks.

– Download Access Intelligence ISMS Asset Management Policy (ISDL05)
– Download Access Intelligence ISMS Access Control Policy (ISDL07)
– Download Access Intelligence ISMS Information Classification and Handling Guide (ISDL52)
– Download Access Intelligence ISMS Data Erasure and Asset Disposal Guide (ISDL62)

Our People

Everyone at Access Intelligence understands their role and responsibilities for Information Security. These are clearly written in each policy.

We have an ongoing training and education programme where all colleagues regularly refine their knowledge.

– Download Access Intelligence ISMS Information Security Training Policy (ISDL02)
– Download Access Intelligence ISMS Adding Information Security Responsibilities into JD (ISDL53)
– Download Access Intelligence ISMS Acceptable Use Policy (ISDL06)
– Download Access Intelligence ISMS Mobile and Personal Device Policy (ISDL30)
– Download Access Intelligence ISMS Password Management Policy (ISDL03)
– Download Access Intelligence ISMS Clear Desk and Clear Screen Policy (ISDL16)
– Download Access Intelligence ISMS Employee Screening Policy (ISDL55)
– Download Access Intelligence ISMS Roles and Responsibilities (ISDL10)

Product Development

We encourage our clients, vendors and security partners to be part of our next steps and future plans. As a result, our products are constantly improving.

We minimise risks during development by training our developers to follow coding standards, OWASP recommendations and implement several stages of review for each code change.

Our products are hosted in the cloud and we conduct regular compliance checks for all of our suppliers.

Privileged access is monitored, encryption and MFA are in place where possible, code is under version control and all data is regularly backed up.

We regularly review our processes and aim to continually improve by following Agile methodologies.

– Download Access Intelligence ISMS Secure Development Policy (ISDL77)
– Download Access Intelligence ISMS Data Encryption Policy (ISDL11)
– Download Access Intelligence ISMS Supplier Security Management Policy (ISDL19)
– Download Access Intelligence ISMS Change Management Policy (ISDL54)

Handling Incidents

If Access Intelligence was ever to suspect or suffer a loss of confidentiality (e.g. data leak), integrity (e.g. website hack) or availability (e.g. service is down) the Information Security Manager would be alerted immediately.

All security incidents are recorded in the ISMS with an Incident Manager identified. Each incident is treated as a priority and communicated accordingly.

We maintain a robust Disaster Recovery Plan for production services and platforms and run frequent vulnerability scans with annual third-party penetration tests.

Everything feeds back into the ISMS for the continuous development of our security controls.

– Download Access Intelligence ISMS Information Security Incident Management Policy (ISDL04)
– Download Access Intelligence ISMS Business Continuity Policy (ISDL08)

Risk

A sustained process of addressing risks, mitigating risks through controls, and providing assurance that the risks are managed according to policies. This includes measurement of risk, assessment, retention, monitoring, and identification.
– Download ISDL31 Access Intelligence Risk Management Policy

Compliance

Ensuring that activities within an organization operate in a way that are aligned with laws and regulations.
– Download Access Intelligence ISMS Statutory Regulatory and Contractual Compliance Policy (ISDL390)
– Download Access Intelligence ISMS Data Protection Policy (ISDL13)
– Read more about our GDPR Compliance

Get in Touch

You may know us as Access Intelligence, Isentia, Pulsar, Vuelio or ResponseSource but we are the same people behind each platform.

If you’ve discovered a vulnerability in one of our products, please don’t share it publicly. Instead, please report this to us: [email protected] or for anything else: [email protected]