International Organization for Standardization (ISO)
Overview
Shireburn Software prioritises fulfilling its commitments to clients by safeguarding the security, privacy, and accessibility of the Shireburn Indigo infrastructure.
Alongside hosting Shireburn Indigo on the Microsoft Azure Cloud infrastructure and integrating security measures into the software, we meticulously configure the environment to uphold these standards. Moreover, we periodically engage third-party specialist organisations to conduct impartial evaluations of our systems and infrastructure.
ISO 27001:2022 – Information Security
The ISO 27001:2022 standard serves to ensure the ongoing maintenance and enhancement of Shireburn's Information Security Management System. This certification underscores Shireburn's dedication to keeping our team abreast of the latest IT security risks.
By obtaining this certification, we affirm to our clients that the information we handle is managed with precision, safeguarding the confidentiality, integrity, and accessibility (CIA principle) of their data.
ISO 9001:2015 – Quality Management
ISO 9001:2015 certification means that Shireburn's Quality Management System has met all stipulated criteria, guaranteeing that our products and services align with customer expectations and comply with statutory and regulatory standards.
Attaining this certification reflects our perpetual commitment to embracing innovative approaches, ensuring that the quality of our products and services consistently meets and exceeds both customer expectations and our internal benchmarks.
Penetration Tests
Penetration Tests are another type of security test consisting of reviewing the practices, software and settings, and any attempts to circumvent any security provisions in the infrastructure or the application software. The findings of these tests are reported to Shireburn Software which, if applicable, would modify any appropriate issues prior to a re-test being undertaken.
The most recent Penetration Test of the Shireburn Indigo environment was undertaken by Kyte Consultants Ltd in December 2023. The best practice OSSTMM (Open Source Security Testing Methodology Manual), OWASP (Open Web Application Security Project), PCI-DSS NIST and ISACA penetration testing and auditing standards and guidelines were used. Semi-automated and manual techniques were used to evaluate the security of the target systems.
Kyte Consultants Ltd is an established cyber security company with more than 15 years' experience in the field. A certificate of successful testing was issued on 15 December 2023 and is linked below.
Previous Recent Penetration Tests
December 2022 - Certified by Cybergate International, View Certificate
December 2021 - Certified by Cybergate International, View Certificate