Information security

Friend aims to protect the security, integrity, confidentiality and availability of all information under its control through the implementation of appropriate policies, procedures and controls documented in our Information Security Management System (ISMS) which is ISO 27001 certified.

Friend operates a business risk approach to the controls which are implemented, and a risk treatment plan is documented and reviewed quarterly. There is a documented methodology for assessing risks and deciding levels of acceptable risk.

The management team at Friend is committed to ongoing review and improvement, to reduce the risk of security incidents and ensure continued contractual and legal compliance. A system is maintained for the setting and review of objectives for the continual improvement of the ISMS.

To ensure that all staff, customers and third parties are aware of the company’s ISMS, and their specific responsibilities within it, this policy is communicated to all parties with awareness training as required.

The Friend Board is committed to support the management of information security at all levels and ensures the necessary resources are available.

Our information security policy is available upon request.

External information security audits completed


October 2018


January 2018

NCC Group

January 2018


Friend ISO 27001



General Data Protection Regulation and Information Commissioner’s Office


Network security and secure file sharing