Our Accreditations & Certifications
Venom IT is now officially a G-Cloud-approved Cloud Services Provider, in addition to already being Cyber Essentials, ISO9001 and ISO27001 certified. But what do all these certifications mean, and are they really important?
G-Cloud is, in simple terms, a list of pre-approved suppliers from whom any government institution (that would normally be required to put out a tender) can buy products or services directly, thereby saving the time and cost involved in creating a full tender. The application process to become an approved vendor is fairly complex, and potential vendors are scrutinised against a list of several minimum requirements of security and quality assurance.
G-Cloud approval means that a company meets HM Government’s standards for:
- Cloud Hosting
- Cloud Software
- Cloud Support
ISO9001 is primarily focussed on Quality and Efficiency – any company that is ISO9001 certified is independently audited to ensure that it meets the requirements. Quality assurance is becoming more and more important, especially with fly-by-night vendors pushing sub-standard goods and services onto the market over the internet.
Briefly, ISO9001 certification means that the company meets minimum standards in respect of:
- Good leadership
- Proper planning
- Operation & processes
- Performance evaluation of goods & services
- Customer support and customer satisfaction
- Continual Improvement of goods & services as well as organisation structures
ISO27001 is focussed on Information Security, with Efficiency as a secondary focus. As with ISO9001 certification, ISO27001 is independently audited in order to get certification. ISO27001 also has various codes of practice that can be included in the audit – for example, ISO27017, which is the code of practice specifically for providers of Cloud services.
In essence, ISO27001 certification means that the company meets minimum standards in respect of:
- Good leadership
- Information Security risk assessment
- Human resource security
- Asset management
- Access control
- Physical and environmental security
- Operations security
- Communications security
- System acquisition, development and maintenance
- Supplier relationships and checks
- Information security incident management & response
- Business continuity/Disaster recovery management
- Compliance with data protection laws, as well as internal policies & procedures as agreed during the initial assessment & certification
Simply put, Cyber Essentials and Cyber Essentials Plus are a set of basic, technical controls designed to help organisations protect themselves against common online security threats.
Although ISO27001 is a far more complex assessment than either CE or CE+, both CE certifications have a few unique checks that make them worth having for any business. The CE and CE+ certifications also require an independently performed penetration test of your network by an approved security specialist, which ISO27001 doesn’t.
CE is self-assessed (apart from the pen test), whereas CE+ involves an onsite audit performed by an approved security specialist.
CE or CE+ certification means that the company meets the five basic security standards of:
- Boundary firewalls and internet gateways are in place
- Secure configuration of all systems
- Proper access control is in place
- Malware protection on all systems
- Patch management of all hardware
Various industry leaders, such as Microsoft, Dell, HP and others, offer partnership programmes by which smaller businesses that meet the criteria can gain certification as trusted partners, meaning the smaller company follows policies, procedures or guidelines similar to those of the industry leader, and adheres to minimum quality requirements. Often, minimum training requirements/examinations are also in place.
The Point of Certifications
What all these certifications really mean is that you, as a buyer, can buy with confidence that the services or goods you purchase are of good quality and high standards, and that your supplier is committed to giving you great after-sales service or support. You also know that, in the event of a dispute, you sometimes have a controlling authority you can approach for arbitration if all else fails.
With the almost unchecked growth of cyber crime, along with unscrupulous service providers offering sub-standard Cloud services, it’s really important that you make sure you deal with a company that takes both Quality and Security very seriously.
The full list of Venom IT’s G-Cloud-11 approved services is: