Our Information Governance

iCONX Information Governance Programme

Given both the nature and volume of the data we process, information technology management and governance have always had a seat at our top table. We have been COBIT-aligned since 2003, and have always exceeded expectations when undergoing customer-commissioned audits such as SOX compliance.

In tandem with customer-initiated audits, the iCONX information governance programme has continually delivered independent assurance to customers, based on international standards and best-practice frameworks, as to the privacy, confidentiality, security, integrity and availability of their data.

Continue reading about our information governance programme initiatives below, and send any questions you may have by email to our CISM-certified Chief Information Security Officer.

BS 10012:2017 Personal Information Management

In 2017 we decided to further enhance our governance model through the adoption of, and certification to, the BS 10012:2017 Personal Information Management Standard, thus assuring customers of our systematic and best-practice approach to the management of privacy risk and the improvement of our ASP services. Adoption of the BS 10012:2017 standard enhances compliance with the GDPR, Regulation (EU) 2016/679, which comes into force on May 25th 2018.

The BS 10012:2017 certification assessments were carried out by our accredited partner Certification Europe. Our certification is valid for 3 years from May 2018. During the 3-year period we undertake surveillance audits at yearly intervals in order to continually improve privacy risk management and to maintain certification validity. The current certificate may be viewed here.

For further information, contact our Data Protection Officer.

ISO/IEC 20000:2011 IT Service Management

In 2016 we decided to further enhance our governance model through the adoption of, and certification to, the ISO/IEC 20000:2011 standard, thus assuring customers of our systematic and best-practice approach to the design, transition, delivery and improvement of our ASP services.

The ISO/IEC 20000 assessments were carried out by our accredited partner Certification Europe. The certification is valid for 3 years from December 2017. During the 3-year period of validity, we undertake surveillance audits at six-monthly intervals to maintain the certification.

The current certificate may be viewed here 

ISO 22301:2012 Business Continuity Certification

In 2015 we decided to again further enhance our governance model through the adoption of, and certification to, the ISO 22301:2012 standard, thus assuring customers of our systematic and best-practice approach to managing risk with respect to business continuity.

A key component of the programme was the upgrade of our information systems infrastructure stack at our primary and secondary data centres, DB2 and DB3.

The ISO 27001 audits were carried out by our accredited partner Certification Europe. The certificate is valid for 3 years from June 2016. During the 3-year period of validity, we undertake surveillance audits at six-monthly intervals to maintain the certification.

The current certificate may be viewed here 

ISO/IEC 27001:2013 Information Security Certification

In 2014 we decided to further enhance our governance model through the adoption of, and certification to, the ISO/IEC 27001:2013 standard, thus assuring customers of our systematic and best-practice approach to managing information security risks.

The ISO 27001 audits were carried out by our accredited partner Certification Europe. The certificate is valid for 3 years from June 2016. During the 3-year period of validity, we undertake surveillance audits at six-monthly intervals to maintain the certification.

Our control set for the audits consisted of all 114 of the controls specified within the ISO 27001:2013 standard.

The current certificate may be viewed here 

AICPA SOC 1 SSAE 16 – Independent Audit Report

In 2015 we initiated an internal project culminating in the 2016 issuance of an AICPA SOC 1 SSAE 16 Type II Report. The purpose of the SOC 1 Type II audit report is to provide our stakeholders with independent assurance regarding the adequacy of the information system controls applied to customer data hosted within our ASP during a defined period.

The audit and subsequent reporting were carried out by Grant Thornton. Our control set for the SOC 1 audits was based on the ITIL 2011 framework.

Data Protection – Audit Report / GDPR alignment

In 2014 we initiated an internal data protection project with a view to establishing our status in respect of the now-imminent enforcement of the GDPR, Regulation (EU) 2016/679.

An industry-recognised subject matter expert audited our control environment. The subsequent audit report and recommendations fed into our continual improvement cycle and provided a strong starting point on our road to GDPR compliance.

AICPA SAS 70 – Independent Audit Report

In 2008 we initiated an internal project culminating in the 2009 issuance of an AICPA SAS 70 Type I Report. The purpose of the independent report, based on the SAS 70 standard, was to provide our customers with independent assurance regarding the adequacy of the information system controls applied to customer data hosted within our ASP.

The audit and subsequent reporting were carried out by Grant Thornton. Our controls were based on the ISACA COBIT framework.