ISO 27001

Fernox Ltd is proud to be ISO/IEC 27001:2022 certified, demonstrating our commitment to protecting information and maintaining the highest international standards for information security, risk management, and data protection.

This certification confirms that Fernox has implemented a formal Information Security Management System (ISMS) designed to safeguard sensitive information, reduce security risks, and ensure the confidentiality, integrity, and availability of data across our digital services.

Certification Overview

  • Standard: ISO/IEC 27001:2022
  • Certified Organisation: Fernox Ltd
  • Certification Body: Intertek Certification Limited (UKAS Accredited, Accreditation No. 0014)
  • Certificate Number: 0233950
  • Initial Certification Date: 22 December 2025
  • Valid Until: 21 December 2028
  • Main Site: Unit 2, Genesis Business Park, Woking, GU21 5RW, United Kingdom

Scope of Certification

Our ISO 27001 certification applies to:

The Information Security Management System (ISMS) covering the development, deployment, production, operation, and support of the Fernox mobile and web application, including supporting assets, infrastructure, development tools, and personnel, in accordance with Statement of Applicability version 1.5 dated 15 December 2025.

This ensures security controls extend across technology, people, processes, and supporting systems.


The Key Principles of ISO/IEC 27001

ISO 27001 is built around a set of fundamental principles that guide how organisations manage and protect information securely.

1. Risk-Based Security Management

ISO 27001 requires organisations to identify, assess, and treat information security risks in a structured and ongoing way. Rather than relying on generic controls, Fernox applies targeted safeguards based on real threats, ensuring security efforts are effective, proportionate, and continuously updated.

2. Confidentiality, Integrity, and Availability (CIA Triad)

The standard is grounded in the three core pillars of information security:

  • Confidentiality — ensuring information is accessible only to authorised individuals
  • Integrity — ensuring data remains accurate, complete, and protected from unauthorised modification
  • Availability — ensuring systems and information are accessible when needed

These principles shape how Fernox designs systems, manages access, and protects customer data.

3. Governance, Accountability, and Policy Control

ISO 27001 requires clear governance structures, defined responsibilities, and formal policies. This ensures that information security is managed at an organisational level, supported by leadership, and embedded into daily operations — not treated as an afterthought.

4. Continuous Improvement and Ongoing Assurance

Security threats evolve, and ISO 27001 mandates a cycle of continual improvement. Fernox regularly:

  • Reviews risks and controls
  • Conducts internal audits and management reviews
  • Responds to new vulnerabilities and emerging threats
  • Undergoes independent external surveillance audits

This ensures our security posture remains strong over time.

5. People, Process, and Technology Alignment

ISO 27001 recognises that effective security depends on trained people, well-defined processes, and secure technology. Fernox invests in staff awareness, operational discipline, and technical safeguards to ensure security is comprehensive and resilient.

How ISO 27001 Protects Customer Data

Protecting customer data is a central focus of our ISO 27001-certified ISMS. The framework ensures that personal, commercial, and operational data is handled responsibly, securely, and transparently throughout its lifecycle — from collection and processing to storage and deletion.

Under ISO 27001, Fernox has implemented controls to:

  • Restrict access to customer data to authorised personnel only
  • Encrypt and protect data where appropriate
  • Monitor systems for unauthorised activity or suspicious behaviour
  • Secure infrastructure and development environments against cyber threats
  • Maintain secure backup and recovery processes to protect data availability

These measures reduce the risk of data breaches, unauthorised access, accidental loss, and misuse.

Customer Privacy, Trust, and Regulatory Alignment

Our ISO 27001 certification supports our commitment to customer privacy, data protection, and regulatory compliance, including alignment with modern privacy and data protection requirements such as GDPR.

By maintaining an independently audited security framework, Fernox ensures that:

  • Customer information is handled lawfully, securely, and ethically
  • Security risks are identified before they become incidents
  • Data protection practices are reviewed and improved continuously
  • Customers can trust Fernox as a responsible and security-conscious partner

Ultimately, ISO 27001 strengthens our ability to protect customer data while reinforcing transparency, accountability, and confidence in our digital services.

How We Maintain ISO 27001 Compliance

To maintain our certification, Fernox:

  • Conducts regular risk assessments and internal audits
  • Trains employees in information security awareness and best practices
  • Updates security policies and controls to reflect evolving threats
  • Monitors systems to detect and respond to potential incidents
  • Undergoes external audits by Intertek Certification Limited

Information security is a continuous commitment — not a one-time milestone.
