Security has always been a core tenet at Anu, but until we began implementing our Information Security Management System we had no way to independently verify that our processes and procedures were effective.
Our ISO 27001 certification journey began in 2018 when we kicked off our implementation and started building our ISMS. We achieved UKAS accredited certification in July 2020. While we are proud of what we have achieved to date, we will continue to strive for continual improvement in every area.
Our Information Security Policy can be read below. Our signed certificate is available on request.
Anu provide worldwide bespoke managed hosting services built on open source technologies with an emphasis on high security, high reliability environments.
Anu is committed to maintaining the security, integrity, confidentiality and availability of customer systems and data.
As part of our holistic view of data security we understand that technical solutions on their own are not enough to meet these goals. In order to identify and manage risks and threats from all angles in a systematic and measured way, we have implemented an Information Security Management System (ISMS) in line with the ISO 27001:2013 standard.
Our ISMS has been designed to cover a broad range of security aspects encompassing technical, organisational, business process, legal and personnel, based on tried and proven international security best practices. It guides and informs our day to day business processes ensuring we meet our security objectives in a consistent, measurable manner. We aim to protect the integrity, confidentiality and availability of customer and proprietary data and systems.
•
Integrity: protect from unauthorised modification or deletion of data. Protect from data corruption.
•
Confidentiality: protect from unauthorised access to data and systems. Protect against inadvertent information disclosure.
•
Availability: protect systems from unscheduled downtime caused by denial of service attacks, software or hardware failures, software malfunction, disruption to access routes.
Key objectives include:
•
Meeting and exceeding our commitment to our customers to maintain the highest standard of information security by maintaining certification to the ISO27001:2013 standard.
•
Design, build, configuration and support of secure hosting environments which minimise operational and cyber security risks to customers.
•
Ensuring our staff are equipped with the knowledge and tools required to meet security objectives, including relevant training.
•
Manage changes to our key systems, infrastructure and business processes in a controlled manner.
•
Reduce risk by carrying out periodic risk assessments and identifying our biggest weaknesses; addressing those weaknesses methodologically.
•
Ensure consistent information security awareness among staff through the implementation of regularly reviewed and audited policies, processes and controls.
•
Comply with legal and legislative requirements.
•
Protect the Anu brand by engaging with trusted partners and suppliers who can demonstrate compliance with best practices in information security.
•
Continuous improvement in all areas of information security.
Information Security Responsibilities
•
Senior management are ultimately responsible of the development, implementation and management of the ISMS
•
Senior management regularly review the ISMS for applicability, scope and effectiveness.
•
A responsible person is assigned to each information asset and risk. This person is responsible for managing asset security and addressing risk.
•
A company-wide information classification policy has been established and communicated to all members of staff and contractors.
•
All staff including contractors are bound by our information security policies at all times.
Security Management
•
Information assets are systematically assessed for risk and adequately protected with technological and policy based controls.
•
Processes for escalating incidents and risks have been implemented and tested.
•
Comprehensive security policies covering IT, HR, suppliers, business continuity, information and equipment lifecycle management and acceptable use policies have been implemented and are adhered to.
•
A continuous security focused staff training program has been implemented.
•
All suspected and confirmed breaches of information security will be reported to and investigated by senior management.
•
Our ISMS and related security controls are regularly assessed and reviewed.
Information Security Policy v1.4
Last updated: 10 April 2023
