What is ISO 27001?
ISO 27001 is the international standard for information security.
It sets out how organisations must protect sensitive data, manage risk and continually improve how information is handled. This includes technology, people and processes.
Certification is independently assessed and subject to regular audits. It is not a one-off exercise.
Why it matters in financial planning
Financial advice firms handle highly sensitive personal and financial information.
That makes information security, third-party oversight and operational resilience critical. Especially where work is outsourced.
Many data breaches are not caused by hackers. They are caused by weak processes, unclear controls or human error.
Why we chose to become ISO 27001 certified
We work inside advice firms’ processes every day. That carries responsibility.
We became ISO 27001 certified because we believe outsourced support firms should be held to the same level of scrutiny as the firms they support.
This was about reducing risk, not shifting it. And protecting clients, not just meeting minimum requirements.
What this means for the firms we work with
Our certification provides confidence that:
• Information security risks are actively managed
• Clear controls are in place across systems and people
• Data protection is embedded in day-to-day operations
• Ongoing independent audits ensure standards are maintained
It also supports firms in meeting regulatory expectations around outsourcing and third-party oversight.
What this means for your clients
For clients, it comes down to trust.
Their information is handled carefully, consistently and responsibly by everyone involved in their advice journey.
Due diligence and oversight
We know many firms require clear, documented evidence to support their outsourcing and oversight obligations.
Alongside our ISO 27001 certification, we provide a detailed due diligence document that sets out our governance, controls, risk management and information security arrangements in more depth.
This is designed to support internal reviews, compliance checks and ongoing oversight.
