IT Security, Privacy and Governance
Our security approach
Our Privacy, IT Security & Governance and Operational IT Security teams.
These teams are responsible for ensuring the security of our information, network, and IT assets and those of our clients. We secure all of those assets by applying controls aligned with industry, legal and internationally recognised standards.
Those controls can be physical, technical, operational, managerial, or administrative. For example:
- A physical control might be a card entry system on the front door of our office.
- A technical control might be the antivirus software on our laptops.
- A managerial control might be the hours staff or visitors are permitted into the building.
- An administrative control may be an "acceptable use policy", which our staff or contractors sign to agree that they won’t use our IT assets for anything but business.
We are certified against the ISO 27001 framework. This means that we manage our information security policies and controls from within an ISMS (Information Security Management System). An ISMS is a systematic approach consisting of processes, technology and people that help us protect and manage our organisation’s information through effective risk management.
Our systems are regularly penetration tested, both physically and technically, and audited by externally contracted professionals, regulatory bodies, our own internal control reviews and certification bodies.
Our goal is to continually monitor and improve our defences and maintain a proactive security posture, supporting our professional service lines to do business safely and securely, whilst reducing risk to our clients and their data.
Our current Information Security Certifications may be checked by clicking on the marks of trust below. Further information, certificates & “scope of applicability” can be requested from our Security Teams directly.