We hold ourselves to the same standards we implement for you.
Protectify AI is ISO 27001 certified. Our information security management system is independently audited annually. Here is what that means for you and your data.
What our ISO 27001 certification covers
ISO 27001 is not a self-assessment. It requires independent, accredited audit of your security programme, covering people, processes, and technology. Our certification confirms that we:
- Operate a documented and actively maintained Information Security Management System (ISMS).
- Identify, assess, and treat information security risks systematically.
- Implement controls aligned with ISO Annex A, including access control, incident management, supplier relationships, cryptography, and physical security.
- Undergo annual surveillance audits to ensure ongoing conformance.
- Recertify every three years through a full Stage 2 audit.
Our security commitments
Access control
Access to client information is restricted on a strict need-to-know basis with role-based controls and regular access reviews.
Confidentiality
All team members are bound by confidentiality obligations. Client data is never shared without explicit written consent.
Incident response
We maintain a documented incident response programme. In the event of any security incident affecting client data, we will notify you promptly.
Supplier management
We assess the security posture of our technology suppliers and ensure appropriate contractual protections are in place.
Risk management
We conduct formal risk assessments at least annually and maintain a risk register that feeds into our control selection and improvement activities.
Continual improvement
Our ISMS is a living system. We review and improve our controls in response to internal audits, surveillance findings, and the evolving threat landscape.
Key policies in place
Data protection
We are registered in England and Wales and process personal data in accordance with UK GDPR and the Data Protection Act 2018. Our Privacy Policy details exactly what data we collect, how we use it, and your rights as a data subject.
We do not sell personal data to third parties. We do not use tracking cookies or advertising technologies on this website. Client engagement data is held only for the duration required to fulfil our services and legal obligations.
Questions or security concerns
If you have a security concern, vulnerability disclosure, or question about our information security practices, please contact us directly at support@protectifyai.com. We take all security reports seriously and will respond within two business days.
Want to see what we'd implement for your business?
Bring your current compliance gaps to a 45-minute working session.
Book a working session