Trust Centre

Overview | Security | Privacy | Policies | Assessments

ISO 27001

The Pulsar Group (formerly Access Intelligence Group),  has achieved the ISO/IEC 27001 certification. This is an international standard for Information Security Management that demonstrates an ongoing commitment to apply the most rigorous risk management model to protect information and data belonging to both the Group and its clients.

Pulsar Vuelio Isentia ResponseSource

The standard forms the basis for the effective management of confidential information and the application of information security controls (Statement of Applicability). It recognises an ongoing commitment to review systems and suppliers, identify risks, assess implications and put controls in place for data security. This includes auditing all systems, information assets, operational processes, legal and regulatory requirements, and an ongoing training programme to strengthen the organisation’s expertise in risk management and data security.

ISO 27001 recognises the Group’s exceptional standards in data management and security. This benefits all clients who can rely on the company’s ability to store and process sensitive data in a secure way underpinned by robust systems, increased business resilience, and improved management processes.

Download the ISO 27001 Certificate

GRC

Governance, Risk, and Compliance (GRC) is a structured way to align IT with business objectives whilst managing risks and complying with legal obligations. It includes tools and processes to unify an organisation’s governance and risk management with its technological innovation and adoption. Pulsar Group uses GRC to achieve organisational goals reliably, remove uncertainty, and meet compliance requirements.

Information Security Governance

ISO 27001 is a globally recognised standard for the establishment and certification of an information security management system (ISMS). Our entire information security program is built on the ISO 27001 framework and we complete re-certification and surveillance audits annually.

All information security policies are approved by senior management and reviewed through a program of internal and external audits.

The latest version of the Pulsar Group Information Security Policy is available below:

Download the Information Security Policy

People Security

Everyone at Pulsar Group is committed to the security & privacy of information.

All team members understand their responsibilities and have signed confidentiality agreements which cover client and business information.

We have an ongoing training and education programme where all colleagues regularly refine their knowledge of common cyber threats and how to identify them.

Information Assets

Asset Management

Our ISMS contains a comprehensive Inventory of Assets.  Asset Owners ensure that all information assets are protected, maintaining their confidentiality, integrity and availability.

Access to information assets is always restricted to the minimum required to undertake authorised business activities.

Risk Assessments are carried out based on Pulsar Group’s risk assessment methodology.

Control objectives from ISO 27001 are recorded in the ISMS, including our Statement of Applicability (SoA) to show which security controls have been selected to mitigate any identified risks.

Supplier Management

Information is stored with cloud suppliers.

New suppliers are reviewed to ensure they hold the same level of security & privacy posture that complies with Pulsar Group’s Information Security Policy. After onboarding, suppliers are reviewed annually.

As well as information security and data protection & privacy, these checks also include reviewing quality, availability, and continuity of service.

Any supplier which processes personal data on behalf of our clients is listed on the Sub-Processor page.

Product Security

Penetration Testing

Our products are designed and developed with integrated security controls. To ensure these are working effectively, we regularly organise product penetration tests with a CREST-certified company.

Secure Development

We minimise risks during development by training our developers to follow coding standards and best practices e.g. OWASP recommendations. Each source code change has several stages of review prior to deployment using Version Control systems.

Our products are hosted in the cloud and we conduct regular compliance checks for all our suppliers.

Network Security

To protect data as it’s transferred between your systems and ours we take a layered approach:

  • All network traffic runs over HTTPS and is encrypted with TLS 1.2
  • All products are protected behind Web Application Firewalls (WAF).
  • All offices are physically secure and protected behind firewalls from well-known security vendors.
  • All end-points have Endpoint Detection and Response (EDR) software enabled. This includes Anti-Virus/Anti-Malware and Intrusion Detection configurations.
  • All security software is monitored 24/7/365 by an external SOC. 

Data Centres

For resiliency, our products are hosted in a mix of cloud and on-premise environments:

  • Pulsar is hosted on Amazon Web Services in Ireland
  • Vuelio is hosted on Microsoft Azure in the UK
  • Isentia is hosted on Amazon Web Services in Australia
  • ResponseSource is hosted on-prem in the UK

These data centres provide physical security 24/7 and redundant utilities to ensure your data is safe.

Access Control

We follow the Principle-of-Least-Privilage to ensure that only people who need access, get access. Access requests must be sent from the Asset Owner for review. All granted access is reviewed frequently.

Product access controls:

  • Strong passwords are required by default on all products.
  • MFA is also available on Pulsar, Vuelio and Isentia Platforms.
  • SSO (via AAD oAuth 2.0) is also available on Pulsar, Vuelio and Isentia Platforms.

Logging

System logs are a critical component to monitor system health and investigate issues. We monitor logs from all infrastructure and products and have alerting configured.

Certain system logs are aggregated in a Security Information and Event Management (SIEM) solution which is monitored in real-time by an external Security Operations Centre (SOC).

Handling Incidents

If Pulsar Group were ever to suspect or suffer a loss of confidentiality (e.g. data leak), integrity (e.g. website hack) or availability (e.g. service is down) the Incident Response Team would be alerted immediately. Each incident is triaged as a priority with automatic escalation configured and communicated accordingly.

Business Continuity

System backups are taken daily and stored in an encrypted and immutable state.

We maintain a robust Recovery & Continuity Plan for production services and platforms. These plans are tested regularly to ensure they are effective.

Risk

A sustained process of identifying, addressing and mitigating risks through controls, and providing assurance that the risks are managed according to policies. This includes a measurement of risk, assessment, retention and monitoring.

Compliance

Ensuring all activities within an organisation operate in a way that is aligned with applicable legislation and standards.

The General Data Protection Regulation (GDPR) extends the reach of the UK/EU’s data protection laws and establishes many new requirements for organisations that fall under its scope.

Pulsar Group has published a Privacy Policy and provides more information in this Trust Centre on its GDPR Compliance.

As well as ISO 27001 (Information Security), Pulsar Group is also certified with: