Information Security Management (ISO27001)
Protecting the confidentiality, integrity and availability of your data is of the utmost importance to us.
Our ISO27001-certified Information Security Management System (ISMS) is based on a robust framework of information security policies and procedures, aligned with the our Risk Assessment Methodology.
This methodology constantly assesses a wide variety of threats and vulnerabilities which may compromise information assets or the supporting assets on which they depend for their security.
Security Controls for Cloud Services (ISO27017)
ISO27017 builds on ISO27001 by providing a more focused approach to managing the risks associated with the selection and use of cloud computing environments, from the perspective of both the cloud provider and the cloud consumer.
We were one of the first organisations to achieve external certification against the ISO27017 standard.
Personal Data in the Cloud Security (ISO27018)
The ISO27018 standard provides a more focused approach to managing the risks associated with personal data within cloud environments.
ISO27018-specific controls include the disclosure of the geographic location of personal data, processes for the notification of data disclosures and data breaches, requirements to disclose details of sub-contracted processing activities and regulations relating to a customer’s right to access and delete personal data.
We were one of the first organisations to achieve external certification against the ISO27018 standard.
Cyber Essentials Plus
UKCloud was one of the first organisations to have successfully achieved both Cyber Essentials and Cyber Essentials Plus.
Launched by the UK Government in 2014 to reduce cyber risks across all types of organisation, this important initiative helps to safeguard the country’s growing digital economy.
We have been assessed in five key control areas – boundary firewalls and internet gateways, secure configuration, access control, malware protection and patch management.
The Plus level additionally requires thorough independent technical checks of UKCloud’s platforms and systems, and seeks to identify whether they could be compromised by a variety of different cyber-attack scenarios.
Home Office Police Assured Secure Facility (PASF)
Through the National Policing Information Risk Management Policy, the National Policing Information Risk Management Team (NPIRMT) of the UK Home Office sets the central standards and controls for law enforcement agencies across the UK. The policy requires that all national police services perform a physical inspection of the data centres where their data will be stored.
UKCloud has worked with NPRIRMT to undertake a Police Assured Secure Facility (PASF) inspection of the UKCloudX platform which supports each police service in their due-diligence.