Trusted by Design.
Certified by Evidence.
Platform Resilience operates an independently certified Information Security Management System aligned with ISO/IEC 27001:2022 and secured through an evidence-driven governance platform.

UKAS Accredited ISO/IEC 27001:2022 Certified
Platform Resilience has achieved UKAS-accredited certification for the management of information security within the certified scope set out below.
"The management of information security for the provision of resilience assessment, strategy, and advisory services to customers, including the development and operation of internal application used to manage workflows and support service delivery."
Technical controls independently validated.
Cyber Essentials Plus independently validates our technical security controls through hands-on verification.
The ISMS is operated through the same governance platform we use every day.
Platform Resilience operates its own ISMS using an internally developed governance platform. Governance evidence is created through day-to-day operational workflows rather than static documentation alone.
Risk Management
Internal Audits
Management Reviews
Continual Improvement
Incident Management
Change Management
Supplier Governance
Evidence Management
Control areas linked to governance, resilience, and service delivery.
Role-based access, administrative control, and accountable access reviews.
Continuity planning tied to operational consequence and recovery requirements.
Recovery capability reviewed through evidence, dependency awareness, and validation.
Third-party risk, assurance expectations, and supplier review workflows.
Data protection, processor oversight, DSAR handling, and public transparency controls.
Security built into development, change, and release practices.
Monitoring, alerting, governance visibility, and resilience oversight.
Threat awareness informing control priorities, supplier review, and security response.
Identity & Access Management
Access to systems and governance workflows is controlled through defined roles, administrative restrictions, and periodic review. The aim is clear accountability over who can view, change, approve, and administer security-relevant activity.
Business Continuity
Continuity planning is aligned to business impact, service dependency, and operational tolerance. Continuity measures are treated as active management controls rather than static policy statements.
Backup & Recovery
Recovery capability is assessed through evidence, dependency understanding, and practical review of restoration assumptions. Backup integrity and recovery feasibility are considered in the context of operational use, not only technical completion.
Supplier Governance
Supplier assurance is managed through structured governance, contract awareness, service dependency understanding, and review of supplier control expectations where relevant to delivery or risk.
Privacy Governance
Privacy governance includes processor oversight, public transparency controls, DSAR handling capability, and data protection review across operational workflows. Public notices and enquiry handling are aligned to the website and service model.
Secure Development
Development and platform change are governed through controlled release practices, change management, review discipline, and security-aware implementation. The objective is to reduce unintended exposure as systems evolve.
Operational Monitoring
Operational monitoring supports service oversight, issue awareness, and governance visibility. Monitoring is treated as part of resilience assurance, not as a separate technical afterthought.
Threat Intelligence
Threat information is used to inform security judgement, prioritisation, and review of emerging risk across services, dependencies, and operational assumptions.
Privacy governance is treated as an operational control area.
Continuity and resilience are managed through structured operational discipline.
Business Continuity
Business Impact Analysis
Recovery Planning
Dependency Mapping
Operational Tolerances
Recovery Validation
A security approach grounded in evidence, platform discipline, and independent review.
Evidence-based governance
Controls are supported through operational evidence rather than presentation-led assurance.
Cloud-native architecture
The internal platform and supporting services are operated with cloud-native design considerations and controlled service dependencies.
Secure by design
Governance, change, and security controls are incorporated into how the platform and service workflows are designed.
Continuous monitoring
Visibility is maintained through operational monitoring, workflow oversight, and management review inputs.
Independent certification
Certification provides external assurance that the ISMS is operating against a recognised standard within the certified scope.
Supplier assurance
Third-party dependencies are considered through governance review, supplier understanding, and risk-aware service management.
