Jisc provides a number of services that are certified to ISO9001 and ISO27001. We are independently assessed against the relevant International Organisation for Standardisation (ISO) standard by Lloyds Register.
ISO9001 is an international quality management standard that focuses on developing and delivering products and services that meet customer requirements within the aim of improving customer satisfaction.
Our current certificate scope covers:
- Delivery and operation of the Janet Network and associated connectivity services to UK research, training and education communities
- Cloud consultancy, professional, and managed services
- Identity and access management
- Digital content and software licence negotiation
For more information about our ISO9001 certification or associated activities, email firstname.lastname@example.org.
ISO27001 is an international information security management standard that focuses on how we ensure the confidentially, integrity and availability of our information.
Our current certificate scope covers the provision of information security for the following services:
- Certificate service
- Cloud consultancy
- Cloud managed services
- Cloud professional services
- Cyber security services
- Core optical networking
- Domain name system (DNS) registries
- Learning analytics
- Online surveys
- UK Access Management Federation
ISO9001 and ISO27001 requires organisations to draw up high level policies setting out their commitment to quality and information security objectives and principles.
These policies should be available as documented information, be communicated within the organisation and be available to interested parties as appropriate.
Annex A of ISO27001 contains a comprehensive set of information security controls and control objectives. Organisations can design their own controls, or identify controls from any source, but should compare them with the Annex A controls, to ensure that no necessary controls have been omitted.
They also need to set out the rationale for the security controls they are employing and the justification for any that they are not in an ISO27001 Statement of Applicability (SoA).
In addition, organisations should define a process for handling information security incidents in accordance with ISO27001 (Annex A.16).
For more information about our ISO27001 certification or associated activities, email email@example.com.
Cyber Essentials and Cyber Essentials Plus
Cyber Essentials is a UK Government-backed, industry-supported scheme to help organisations protect themselves against common online security threats.
Our Cyber Essentials and Cyber Essentials Plus certification covers internet-facing infrastructure for our penetration testing service, including firewalls and routers, located in the UK.