Jisc provides a number of services that are certified to ISO9001 and ISO27001. We are independently assessed against the relevant International Organisation for Standardisation (ISO) standard by LRQA.
ISO9001 is an international quality management standard that focuses on developing and delivering products and services that meet customer requirements within the aim of improving customer satisfaction.
For more information about our ISO9001 certification or associated activities, email firstname.lastname@example.org.
ISO27001 is an international information security management standard that focuses on how we ensure the confidentially, integrity and availability of our information.
Our current certificate scope covers the provision of information security for the following services:
- Certificate service
- UK Access Management Federation
- Core optical networking
- Domain name system (DNS) registries
- Online surveys
- Learning analytics
- Open research hub
ISO27001 requires organisations to draw up a high-level policy setting out their commitment to information security objectives and principles. This policy should be available as documented information, be communicated within the organisation and be available to interested parties as appropriate.
Annex A of ISO27001 contains a comprehensive set of information security controls and control objectives. Organisations can design their own controls, or identify controls from any source, but should compare them with the Annex A controls, to ensure that no necessary controls have been omitted. They also need to set out the rationale for the security controls they are employing and the justification for any that they are not in an ISO27001 Statement of Applicability (SoA).
For more information about our ISO27001 certification or associated activities, email email@example.com.