ISF Trust Centre

At the Information Security Forum (ISF), we are committed to maintaining the highest standards of security, privacy, and compliance.

We believe that trust is earned through transparency and accountability. This Trust Centre provides access to our security policies, compliance certifications, and privacy practices to help you make informed decisions and feel confident in our partnership.


Security & Compliance

Leadership and Organisational Security

Senior management provides formal commitment to information security through established policies and frameworks. An Information Security Management System certified against ISO/IEC 27001 oversees security operations with dedicated committees ensuring continuous improvement and compliance monitoring.

Cloud Infrastructure and Platform Protection

ISF utilises Microsoft Azure's UK-based infrastructure exclusively for all Tools platforms. Multi-region deployment across UK South and UK West ensures operational resilience, supported by availability zone architecture and comprehensive system monitoring.

Encryption and Data Safeguarding

AES-256 encryption protects information both at rest and during transmission. Automated daily backup processes store data across geographically separated UK facilities, with additional European redundancy providing enhanced protection against data loss whilst complying with local legislation.

Identity Management and System Access

User authentication follows strict authorisation protocols with role-based permissions governing system entry. Multi-level approval processes involving senior staff and technical teams control access to critical infrastructure and Member data.

Secure Development and Vulnerability Assessment

Security-by-design principles guide all software creation and maintenance activities. Independent security specialists conduct annual comprehensive testing programmes, while ISF restricts artificial intelligence utilisation within Member-facing systems.

Business Resilience and Crisis Response

Comprehensive risk evaluation processes identify and mitigate potential threats to operations. Documented recovery procedures with measurable objectives ensure service restoration, supported by specialist teams trained in crisis coordination and Member communication.

Privacy Protection and Regulatory Adherence

Compliance with UK data protection legislation is maintained through dedicated privacy expertise and established data handling procedures. Member information remains within UK borders under strict processing controls that respect individual privacy rights and preferences.

Workforce Security and Competency Development

Personnel undergo rigorous background checks before gaining platform access. Structured training programmes ensure staff maintain current security knowledge through initial certification and ongoing annual education requirements.

Operational Excellence and Service Delivery

Service availability consistently meets 99.9% through proactive maintenance scheduling and performance optimisation. Planned system updates occur during minimal-impact periods with advance Member notification ensuring operational transparency.

Partner Security and Supply Chain Governance

External service providers operate under stringent contractual security obligations and regular compliance verification. Formal supplier evaluation processes assess security capabilities before engagement, with ongoing monitoring ensuring continued adherence to ISF standards.

Network Defence and System Monitoring

Segregated network architecture isolates critical systems from potential threats. Advanced firewall configurations protect infrastructure boundaries while comprehensive logging captures security-relevant events for analysis and incident detection.

Data Continuity and Recovery Operations

Encrypted backup systems undergo regular testing to verify both data integrity and restoration capabilities. Automatic capacity management ensures systems adapt to varying demand while maintaining performance standards across all potential scenarios.

ISF Code of Conduct

We are an international organisation, providing products and services to, and interacting with, organisations and governments all around the world.

We fully support and comply with applicable laws and international frameworks, including the UN Declaration of Human Rights, UN Guiding Principles on Business and Human Rights, EU Charter of Fundamental Rights, OECD Guidelines, ILO Fundamental Principles, and UK Modern Slavery Act. We expect the same from our business partners and suppliers.

We are committed to acting ethically and with integrity in all our business dealings and relationships and strive to reflect the diversity of the ISF Membership by developing products and services that meet the needs of our distinct and global Member community.

© 2025 Information Security Forum Limited