Information Security
We are not currently ISO 27001 certified, but our quality and information security systems are aligned to ISO 27001 principles.
Our Position
Practical controls, clear ownership and continual improvement.
Antelle handles client and internal information as part of software delivery, support, consultancy and ongoing operational work. We take that responsibility seriously, with working practices designed to protect confidentiality, integrity and availability.
Our current position is deliberately clear: Antelle is not ISO 27001 certified. We do, however, use ISO 27001 as a reference point for the way we structure our quality and information security systems.
That means we focus on proportionate controls that fit the size and nature of our business: controlled access, secure handling of client information, sensible supplier management, backup and recovery planning, incident awareness and repeatable delivery processes.
We prefer a direct, honest statement of our current approach over implying a certification status we do not hold.
How We Apply The Principles
Information Protection
We use access controls, secure storage, controlled sharing and practical handling rules so client and internal information is only available to people who need it.
Documented Processes
We maintain working procedures for key activities such as support, change handling, backup, access review and delivery governance, so controls are repeatable rather than informal.
Supplier And Cloud Awareness
We consider where information is stored, which suppliers or cloud services are involved, and what controls are needed when systems rely on Microsoft cloud services, hosting platforms or third-party tools.
Review And Improvement
We review controls as the business, client requirements and technology estate change. The aim is continual improvement rather than a one-off policy statement.
Client Assurance
Clients may ask about our information security arrangements during procurement, onboarding or ongoing support. We can discuss our current controls, working practices and the way we handle information for a particular engagement.
Where a client has specific compliance, confidentiality, hosting or audit requirements, we prefer to identify those early so the right controls can be reflected in the delivery and support approach.