Trust Centre

Security & Compliance | Information Security | Risk Assessments | GDPR | Sub-Processors | Corporate Governance

Information Security

ISO 27001

The Pulsar Group (formerly Access Intelligence Group),  has achieved the ISO/IEC 27001 certification. This is an international standard for Information Security Management that demonstrates an ongoing commitment to apply the most rigorous risk management model to protect information and data belonging to both the Group and its clients.

The standard forms the basis for the effective management of confidential information and the application of information security controls. It recognises an ongoing commitment to review systems and suppliers, identify risks, assess implications and put controls in place for data security. This includes auditing all systems, information assets, operational processes, legal and regulatory requirements, and an ongoing training programme to strengthen the organisation’s expertise in risk management and data security.

ISO 27001 recognises the Group’s exceptional standards in data management and security. This benefits all clients who can rely on the company’s ability to store and process sensitive data in a secure way underpinned by robust systems, increased business resilience, and improved management processes.

Download ISO 27001 Certificate
– Download Statement of Applicability
– Read more about ISO 27001

GRC

Governance, Risk, and Compliance (GRC) is a structured way to align IT with business objectives whilst managing risks and complying with legal obligations. It includes tools and processes to unify an organisation’s governance and risk management with its technological innovation and adoption. Pulsar Group uses GRC to achieve organisational goals reliably, remove uncertainty, and meet compliance requirements.

Information Security Governance

The latest version of the Pulsar Group Information Security Policy is available below:

Information Security Policy v7

 

All information security policies are approved by senior management and reviewed through a program of internal and external audits. For more details of our internal review processes, refer to the following sections of the policy:

  • Management Review: ISDL09
  • Internal Audit: ISDL14

Information Assets

Information is stored in various assets and supporting assets.

Our Information Security Management System (ISMS) contains a comprehensive Inventory of Assets which identifies the dedicated owner for each. Asset Owners ensure that all information assets are protected, maintaining their confidentiality, integrity and availability.

Access to information assets is always restricted to the minimum required to undertake authorised business activities.

All assets and supporting assets are regularly reviewed. Risk Assessments are carried out based on our risk assessment methodology. Control objectives from ISO 27001 are recorded in the ISMS, including our Statement of Applicability (SoA) to show which security controls have been selected to mitigate any identified risks.

For more details about asset security, refer to the following sections of the policy:

  • Asset Management: ISDL05
  • Access Control: ISDL07
  • Information Classification and Handling: ISDL52

Our People

Everyone at Pulsar Group understands their role and responsibilities for Information Security. These are clearly written in each policy.

We have an ongoing training and education programme where all colleagues regularly refine their knowledge. For more details about human security, refer to the following sections of the policy:

  • Information Security and Data Protection Training: ISDL02)
  • Adding policy compliance into job descriptions: ISDL53
  • Acceptable Use: ISDL06
  • BYOD Policy: ISDL30
  • Password Management: ISDL03
  • Clear Desk and Clear Screen: ISDL16
  • Employee Screening: ISDL55
  • Information Security Roles & Responsibilities: ISDL10

Product Development

We encourage our clients, vendors and security partners to be part of our next steps and future plans. As a result, our products are constantly improving.

We minimise risks during development by training our developers to follow coding standards, OWASP recommendations and implement several stages of review for each code change.

Our products are hosted in the cloud and we conduct regular compliance checks for all of our suppliers.

Privileged access is monitored, encryption and MFA are in place, code is under version control and all data is regularly backed up.

We regularly review our processes and aim to continually improve by following Agile methodologies. For more details about secure development, refer to the following sections of the policy:

  • Secure Development: ISDL77
  • Encryption: ISDL11
  • Supplier Management: ISDL19
  • Change Management: ISDL5

Handling Incidents

If Pulsar Group were ever to suspect or suffer a loss of confidentiality (e.g. data leak), integrity (e.g. website hack) or availability (e.g. service is down) the Incident Response Team would be alerted immediately.

All security incidents are recorded in the ISMS with an Incident Manager identified. Each incident is treated as a priority and communicated accordingly.

We maintain a robust Disaster Recovery Plan for production services and platforms and run frequent vulnerability scans with annual third-party penetration tests.

For more details, refer to the following sections of the policy:

  • Incident Management: ISDL04
  • Business Continuity: ISDL08

Risk

A sustained process of identifying, addressing and mitigating risks through controls, and providing assurance that the risks are managed according to policies. This includes a measurement of risk, assessment, retention and monitoring.

For more details of our risk management methodology, refer to the following sections of the policy:

  • Risk Management (ISDL31)

Compliance

Ensuring all activities within an organisation operate in a way that is aligned with laws and regulations.

Get in Touch

You may know us as Pulsar Group (formerly Access Intelligence), Isentia, Pulsar, Vuelio or ResponseSource but we are the same people behind each platform.

If you’ve discovered a vulnerability in one of our products, please don’t share it publicly. Instead, please report this to us: [email protected] or for anything else: [email protected]