Certification

ISO certification

Jisc provides a number of services that are certified to ISO9001 and ISO27001. We are independently assessed against the relevant International Organisation for Standardisation (ISO) standard by Lloyds Register.

ISO9001

ISO9001 is an international quality management standard that focuses on developing and delivering products and services that meet customer requirements within the aim of improving customer satisfaction. 

Our current certificate scope covers the operation, development and support of our Janet Network and associated connectivity, cloud, cyber security, framework and trust and identity services.

View our ISO9001:2015 certificate (pdf).

For more information about our ISO9001 certification or associated activities, email quality@jisc.ac.uk. 

ISO27001

ISO27001 is an international information security management standard that focuses on how we ensure the confidentially, integrity and availability of our information. 

Our current certificate scope covers the provision of information security for the following services:

• Certificate service
• eduroam
• UK Access Management Federation
• Assent
• Core optical networking
• Domain name system (DNS) registries
• Govroam
• Online surveys
• Learning analytics
• Open research hub

View our ISO27001:2013 certificate (pdf).

Supporting documentation

ISO27001 requires organisations to draw up a high-level policy setting out their commitment to information security objectives and principles. This policy should be available as documented information, be communicated within the organisation and be available to interested parties as appropriate.

• View our information security policy (pdf)

Annex A of ISO27001 contains a comprehensive set of information security controls and control objectives. Organisations can design their own controls, or identify controls from any source, but should compare them with the Annex A controls, to ensure that no necessary controls have been omitted. They also need to set out the rationale for the security controls they are employing and the justification for any that they are not in an ISO27001 Statement of Applicability (SoA).

• View our ISO27001 Statement of Applicability (pdf)

For more information about our ISO27001 certification or associated activities, email information.security@jisc.ac.uk. 

Cyber Essentials

Cyber Essentials is a UK Government-backed, industry-supported scheme to help organisations protect themselves against common online security threats.

Our Cyber Essentials certification covers internet-facing infrastructure for our penetration testing service, including firewalls and routers, located in the UK.

View our Cyber Essentials certificate (PDF).