Since December 2023, PSP has been working towards ISO 27001:2022 certification to validate our information security processes and provide greater assurance to our clients. This journey has involved updating our policies, procedures and work instructions to meet the rigorous requirements, ensuring our systems are secure and resilient.
We are now in the embedding phase, where all staff have received updated policies, procedures and work instructions, supported by comprehensive training on best practices. Our team is actively implementing these changes and we are conducting internal audits to prepare for external validation later this year. This process ensures our operations align with the highest standards of information security, reinforcing our commitment to protecting client data.
To keep our development team at the forefront of secure practices, all developers have completed a secure development course. This training covered proactive OWASP controls, GDPR compliance and the latest cybersecurity threats, equipping them to build secure, compliant solutions for our clients.
ISO 27001:2022 is the latest international standard for Information Security Management Systems (ISMS), replacing the 2013 version. It provides a framework to protect sensitive information by ensuring its confidentiality, integrity and availability through a risk-based approach. Applicable to businesses of all sizes, the standard addresses modern cybersecurity challenges and aligns with ISO 27002:2022.
The standard requires organisations to identify and mitigate risks specific to their operations, integrating security into everyday processes. It promotes continuous improvement and helps meet regulatory and stakeholder expectations. Annex A of ISO 27001:2022 includes 93 controls, organised into four key areas:
By adopting ISO 27001:2022, PSP is equipping itself to manage risks effectively and to promote trust and resilience in an increasingly digital world.
Since 2008, PSP has been a strategic digital partner to our clients, delivering tailored digital transformation and IT solutions. Achieving ISO 27001:2022 certification will further demonstrate our dedication to information security excellence and our commitment to the success of our clients.
If you’re interested in learning more about our outsourced IT services or digital transformation expertise or you’d like to discuss recovering a failed IT project, let’s talk.