Certification
Jisc provides some services certified to ISO9001 and ISO27001. We are independently assessed against the relevant International Organisation for Standardisation (ISO) standard by Lloyds Register.
ISO9001
ISO9001 is an international quality management standard that focuses on developing and delivering products and services that meet customer requirements within the aim of improving customer satisfaction.
Our current certificate scope covers:
- Janet network operations
- Cyber security services
- Connectivity and federated roaming services
- Training services
- Cloud services – consultancy, professional, and managed services
- Trust and identity services
- Student services – higher education qualification verification, student careers advice and opportunities, labour market information and analysis
- Digital content and software licence negotiation
- Data analytics services
View our ISO 9001:2015 certificate of approval (pdf).
For more information about our ISO9001 certification or associated activities, email quality@jisc.ac.uk.
ISO27001
ISO27001 is an international information security management standard that focuses on how we ensure the confidentiality, integrity and availability of our information.
Our current certificate scope covers the provision of information security for the following services :
- Federated roaming services
- Libraries, learning resources and research services
- License negotiations and agreements (Chest)
- Cloud services
- Trust and identity services
- Cyber security services
- Janet network operations
- Data analytics services
- Data collections and statistics
Supporting documentation
ISO9001 and ISO27001 requires organisations to draw up high level policies setting out their commitment to quality and information security objectives and principles.
These policies should be available as documented information, be communicated within the organisation and be available to interested parties as appropriate.
Annex A of ISO27001 contains a comprehensive set of information security controls and control objectives. Organisations can design their own controls, or identify controls from any source, but should compare them with the Annex A controls, to ensure that no necessary controls have been omitted.
They also need to set out the rationale for the security controls they are employing and the justification for any that they are not in an ISO27001 Statement of Applicability (SoA).
In addition, organisations should define a process for handling information security incidents in accordance with ISO27001 (Annex A.16).
ISO9001 and ISO27001 requires organisations to draw up high level policies setting out their commitment to quality and information security objectives and principles.
These policies should be available as documented information, be communicated within the organisation and be available to interested parties as appropriate.
Annex A of ISO27001 contains a comprehensive set of information security controls and control objectives. Organisations can design their own controls, or identify controls from any source, but should compare them with the Annex A controls, to ensure that no necessary controls have been omitted.
They also need to set out the rationale for the security controls they are employing and the justification for any that they are not in an ISO27001 Statement of Applicability (SoA).
In addition, organisations should define a process for handling information security incidents in accordance with ISO27001 (Annex A.16).
For more information about our ISO27001 certification or associated activities, email information.security@jisc.ac.uk.
Cyber Essentials and Cyber Essentials Plus
Cyber Essentials is a UK Government-backed, industry-supported scheme to help organisations protect themselves against common online security threats.
Our Cyber Essentials certification covers all end user device networks within Jisc office premises and remote workers, excluding segregated server infrastructure networks.
View our Cyber Essentials certificate (pdf).
Our penetration testing service, including firewalls and routers, located in the UK has separate Cyber Essentials and Cyber Essentials Plus certification: