ISO 27001

Kurtosys has implemented an ISMS (Information Security Management System) since inception and we adopted the ISO 27001 standard with external certification in 2013. The certification applies to all our employees and offices. We incorporate all of the controls as a standard in our policy as well as some additional controls for compliance and data protection.

ISO 27001

Our security policy incorporates

  • A robust Risk Management Program and we continuously monitor our applications and other IT assets, test for vulnerabilities and monitor emerging Threats and Exploits.
  • Incident and Change Management which form a central part of our operational processes. We are committed to minimising the number and impact of any operational or security related incidents on our platform.
  • A Business Continuity Plan to ensure that we have procedures to manage contingencies and Disaster Recovery, particularly as it applies to our SLA and Datacentre operations.

It is a fundamental objective to ensure that our clients’ sites and services are properly protected. ISO 27001 provides the best mechanism for implementing controls ensuring that we operating with adequate protection, monitoring and improve our posture on an ongoing basis.

Our ISO 27001 implementation has been externally certified and is audited annually by QMS International (Citation). Certificates and audit details are available on through our Trust Centre.

Security partner assurance

In addition to full time Information Security Officers and other qualified staff within Kurtosys, we also recognise the need to include specialist external support to assist our organisation who can provide their own expertise and experience in the following areas of security:
  • Specific systems for protection of our platform. These include external services for DDoS and WAF as well as internal tools such as IDS and Threat Management.
  • Consultation in the event of a security incident. We acknowledge that in the event of a security breach, we will need the support and assistance of experts in helping to analyse and remediate issues.
  • Training and assistance with the development of security posture. We have a continuous program of employee development and training in security incident handling.

Security scorecard

Cybersecurity is complicated, however, understanding cyber risk doesn’t have to be. We use several indicators to monitor and analyse our ability to manage this risk. SecurityScorecard is one of the more important indicators, enabling us to assess a range of external threat factors and monitor our own performance as well as that of our clients and suppliers.

Kurtosys Information Security Scorecard -- Nov 2024

*Updated November 2024