Trust & Assurance

Trusted by Design.
Certified by Evidence.

Platform Resilience operates an independently certified Information Security Management System aligned with ISO/IEC 27001:2022 and secured through an evidence-driven governance platform.

British Assessment Bureau and UKAS accredited ISO 27001 information security management certification badge
ISO Certification

UKAS Accredited ISO/IEC 27001:2022 Certified

Platform Resilience has achieved UKAS-accredited certification for the management of information security within the certified scope set out below.

"The management of information security for the provision of resilience assessment, strategy, and advisory services to customers, including the development and operation of internal application used to manage workflows and support service delivery."
Certificate Number
273904
Certified Since
7 July 2026
Current Issue
7 July 2026
Expiry
6 July 2029
Verify Certification
Certificate Number: 273904
Cyber Essentials Plus

Technical controls independently validated.

Cyber Essentials Plus independently validates our technical security controls through hands-on verification.

How We Run Our ISMS

The ISMS is operated through the same governance platform we use every day.

Platform Resilience operates its own ISMS using an internally developed governance platform. Governance evidence is created through day-to-day operational workflows rather than static documentation alone.

Risk Management

Internal Audits

Management Reviews

Continual Improvement

Incident Management

Change Management

Supplier Governance

Evidence Management

Security Controls

Control areas linked to governance, resilience, and service delivery.

Identity & Access Management

Access to systems and governance workflows is controlled through defined roles, administrative restrictions, and periodic review. The aim is clear accountability over who can view, change, approve, and administer security-relevant activity.

Business Continuity

Continuity planning is aligned to business impact, service dependency, and operational tolerance. Continuity measures are treated as active management controls rather than static policy statements.

Backup & Recovery

Recovery capability is assessed through evidence, dependency understanding, and practical review of restoration assumptions. Backup integrity and recovery feasibility are considered in the context of operational use, not only technical completion.

Supplier Governance

Supplier assurance is managed through structured governance, contract awareness, service dependency understanding, and review of supplier control expectations where relevant to delivery or risk.

Privacy Governance

Privacy governance includes processor oversight, public transparency controls, DSAR handling capability, and data protection review across operational workflows. Public notices and enquiry handling are aligned to the website and service model.

Secure Development

Development and platform change are governed through controlled release practices, change management, review discipline, and security-aware implementation. The objective is to reduce unintended exposure as systems evolve.

Operational Monitoring

Operational monitoring supports service oversight, issue awareness, and governance visibility. Monitoring is treated as part of resilience assurance, not as a separate technical afterthought.

Threat Intelligence

Threat information is used to inform security judgement, prioritisation, and review of emerging risk across services, dependencies, and operational assumptions.

Privacy & Data Protection

Privacy governance is treated as an operational control area.

GDPR governance
DSAR process
Processor governance
Data protection oversight
Business Continuity & Resilience

Continuity and resilience are managed through structured operational discipline.

Business Continuity

Business Impact Analysis

Recovery Planning

Dependency Mapping

Operational Tolerances

Recovery Validation

Our Security Approach

A security approach grounded in evidence, platform discipline, and independent review.

Evidence-based governance

Controls are supported through operational evidence rather than presentation-led assurance.

Cloud-native architecture

The internal platform and supporting services are operated with cloud-native design considerations and controlled service dependencies.

Secure by design

Governance, change, and security controls are incorporated into how the platform and service workflows are designed.

Continuous monitoring

Visibility is maintained through operational monitoring, workflow oversight, and management review inputs.

Independent certification

Certification provides external assurance that the ISMS is operating against a recognised standard within the certified scope.

Supplier assurance

Third-party dependencies are considered through governance review, supplier understanding, and risk-aware service management.