We understand it’s important for your information to be secure. Stakeholders need confidence in the service in terms of security, accessibility and reliability. We can give you that assurance, and we also go further to as illustrated below with our credentials in this area.
Before listing those credentials, it is worth just reinforcing the power that an certified platform like pam offers. Too often we hear about information security breaches, lack of confidence in this agency or that provider, and how people need to trust one another when working together from different agencies. Trust in individuals is important, but it is also crucial that the whole ‘system’ can be trusted too. With pam to connect partners together securely in the cloud it gives those anxious stakeholders much more confidence in the whole system.
PSN and pan-government certified service
In order to comply with government policies on management of information and enable people to have the most flexibility in use for the sensitive working we enable, pam was the first and only IL3 RESTRICTED service of its type to be certified by CESG to meet the then very stringent pan-government accreditation.
Despite some easing off of the security requirements by GCloud management to promote many more services onto the framework, Alliantist maintains a very stringent approach, following the original pan-government requirements and going further for specialist agency work. This includes regular penetration tests and a continuous improvement philosophy in line with our ISO 27001: 2013 certifiaction.
pam is now a PSN (Public Services Network) certified service to manage information that is marked up to OFFICIAL-SENSITIVE. It is a PSN-P service. pam can also be delivered for higher levels of threat management and locally certified to work beyond OFFICIAL SENSITIVE, including SECRET levels and what was old IL4/IL5 marking.
Having also achieved the highest levels of pan-government accreditation as part of our G-Cloud framework position it means that agencies and their partners can trust the environment and quickly adopt the platform to get early benefits. It also saves the agencies themselves spending weeks or months of cost locally accrediting it (unless they want to operate beyond OFFICIAL SENSITIVE). We are also one of the few services that have received PSN certification overall. This version of pam runs exclusively over the secure government networks PSN, PSN-P, GSI, GCSX, and PNN.
UKAS Certified ISO 27001: 2013
Alliantist, the organisation behind pam, and pam are UKAS certified ISO 27001: 2013. (Registration number ISM 1012806). Our key data centre partners have the same or equivalent certification too and all customer information is hosted in the UK at these secure data centres.
Cyber Essentials Framework
Whilst not anywhere near as stringent as the ISO 27001: 2013 standards, we are also compliant with the government Cyber Essentials Scheme.
MOPI – Management of Police Information
pam is compliant with the MOPI standards.
HMG Security Policy Framework
In addition to the ISO 27001: 2013 Alliantist has also met the stringent obligations to be compliant with the original (HMG SPF) Security Policy Framework standards HMG SPF.
Cloud services delivered over the internet
The code base that runs our separate internet services is identical to the IL3/Official Sensitive service so users can remain confident of high levels of trust in the platform security. The datacentre provider is also UK based and meets the world class expectations for ISO 27001 and related credentials you expect for a hosting provider.
Confidence in the ISMS
Alliantist manages all its certifications as part of an integrated Information Security Management System (ISMS) on pam. If you would like to see our ISMS in practice then contact us to learn more, or to understand a bit more about how we deliver a paperless and digital ISMS to these standards, take a look at ISMS.Online, our new service offering specifically focused on helping others achieve success around information security.
As big users of pam ourselves, we know how essential it is to get access whenever and wherever you want. Beyond our security credentials above, we invest heavily in pam’s reliability to ensure that pam is available all the time. We guarantee a minimum of 99.5% uptime and over the past 7 years have achieved beyond 99.8%, with 100% uptime for all factors within our control.
Effective backup and disaster recovery solutions are in place to give you and us (as well as the ISO 27001: 2013 accreditor) the peace of mind that in the unlikely event that we need to recover or switch services, we can do so quickly and easily.