Information security

We take information security very seriously and are proud to say that our Information Security Management System (ISMS) is fully compliant with ISO 27001:2013, as certified by leading global standards maker, British Standards Institute (BSI) under certificate number IS689140.

ISO 27001 is an international standard that recognises an organisations commitment to manage information security. The standard encompasses all our people, processes and technology and demonstrates adherence to our rigorous procedures that govern information security.

Standards and compliance

Our systems are hardened in accordance with industry best practice, monitored by an intrusion detection system (IDS) and replicated at multiple secure data centres over private layer-2 links.

Security should not be a split role. aql operates a dedicated 24/7 security team and all key staff hold British Government National Security Vetting clearances and Metropolitan Police Non-Police Personnel Vetting certificates. Our teams are SIA registered and government vetted to SC clearance level.

image: Security - confidentiality

Confidentiality

All our services are delivered over secure and fully encrypted channels. These include our aql.com web portal and APIs. Industry standard encrypted protocols are used to protect the confidentiality of our customers' data before it traverses any public or private networks.

We support and assist with the installation of private links and virtual private networks (VPN) between our data centres and those used by our customers. Our aql.com web portal supports real-time deletion and encryption of SMS sent items to maintain confidentiality. All our email-based services support TLS as standard.

Availability

Our network is designed to be fault-tolerant and is load-balanced in a high-availability configuration. Underpinning the reliability of our network service lies a resilient, globally load balanced, multi-site presence across 10 data centres in London, Manchester and Leeds. Each of our sites has multiple connections to network service and transit providers, and a resilient MPLS core ring connecting each of our points-of-presence.

We proactively monitor millions of quality- and security-related metrics every day, including hardware, network and application layer attributes, to ensure systems are performing correctly and to defined standards. We offer a 100% availability SLA to all customers connecting to three or more of our points-of-presence.

image: Security availability
images: Security resilience

Resilience

We use multiple-vendor resilient edge-routers on all our sites and operate industry standard fail-over protocols, allowing resilient peering to be achieved with our customers. Connections to mobile network service providers are made from least two of our points-of-presence, providing a high-level of availability.

CiSP

aql has been chosen by CERT-UK to establish and grow the Yorkshire and Humber CiSP (Cyber-security information Sharing Partnership) community. As the nominated champion of the Yorkshire and Humberside regional CiSP – a free national programme run by the Cabinet Office  and as part of our commitment to the region, we help companies across the North improve their own cyber protection.

All CiSP members are provided with the latest information and updates on cyberthreats and vulnerabilities by a joint government and analytical team, adding value to CiSP members and helping organisations reach cyber maturity. Over 2,200 organisations benefit from this, as well as over 6,100 individuals.

images: CERT-UK and CISP