Contact

Trust is earned, not claimed.

We hold ourselves to the same standards we help our clients meet. Three accredited certifications, one integrated policy, and the evidence that backs them — published in full, not behind a sales gate.

Accredited certifications

Three ISO standards, certified by an accredited body. Each governs a distinct piece of the Integrated Management System: information security, cloud-specific controls, and service quality.

  1. Information Security Management

    ISO/IEC 27001:2022

    The international reference standard for an Information Security Management System (ISMS). Our ISMS covers all 93 controls of Annex A, with applicability declared in the Statement of Applicability and a risk treatment plan that ties each control to a specific threat scenario.

    Scope
    Advisory services, secure software development, SaaS operation, customer-data handling.
    Version
    2022 — latest revision, replaces 27001:2013/2017
    Controls
    93 across four themes — organizational, people, physical, technological

  2. Cloud-Specific Security Controls

    ISO/IEC 27017:2015

    The cloud-security companion to ISO/IEC 27001 — it extends the ISMS with seven cloud-specific controls and additional guidance for the 27002 set. It explicitly distinguishes the obligations of the Cloud Service Customer (CSC) from those of the Cloud Service Provider (CSP). We operate as both, and we hold each role to the standard.

    Our role
    CSC + CSP — we consume cloud services and we deliver them
    Coverage
    Applied on top of ISO/IEC 27001:2022 via the cloud-specific section of the Statement of Applicability
    Topics
    Shared responsibility, tenant isolation, virtual environment hardening, administrative ops, cloud monitoring, alignment of cloud agreements with security policy

  3. Quality Management

    ISO 9001:2015

    The reference standard for quality management. The current version is amended by Amendment 1:2024 (climate-action changes), which is reflected in our Quality Management System. The QMS is integrated with the ISMS into a single Integrated Management System — one set of objectives, one set of audits, one set of evidence.

    Scope
    Repeatable, measurable, continuously improving delivery of advisory services and software products
    Version
    2015 + Amd.1:2024 (climate action)
    Integration
    Operated jointly with ISO/IEC 27001:2022 and ISO/IEC 27017:2015 in a single Integrated Management System

Downloadable certificates

The signed certificates issued by our accredited body. ISO/IEC 27017 is included in the ISO/IEC 27001 certificate.

Integrated Quality and Information Security Policy

The top-level policy of our Integrated Management System. Sets the commitment of top management, the strategic objectives, the principles, the framework scoping and the cloud role declaration. Anchors every subordinate policy, procedure and register.

  • Scope & commitment of top management
  • Strategic objectives & principles (12)
  • Framework scoping statement (in-scope, informative, out-of-scope, future)
  • Cloud role declaration (CSC + CSP)
  • Compliance, review & communication framework
Read the full policy