Why Certifications Matter: Experience, Assurance, Mastery and Competence
Written by Craig Ingham, Head of Governance and Compliance, Xalient.
Certification to International Standards is an essential component of the modern business world. Certification to these standards not only provides organisations with external validation of their policies, processes and controls but also corroborates their knowledge and skills in key areas. These international standards have been carefully and painstakingly designed and adapted over the years to ensure that any parties working with certified organisations should feel confident that great care and diligence have been taken to attain recommendations for that certification. At Xalient, we understand the importance of certifications and hold ourselves to the highest global standards of quality and assurance.
As Head of Governance and Compliance at Xalient, I’m responsible for building and developing our processes, people and technical controls and aspiring to ensure that collectively we deliver professional excellence to our customers, both in the service standards that we promise to our customers and in ensuring that the confidentiality, integrity and availability of information remain paramount. I work closely with our Board and the Senior Leaders across the business to grow and develop our services and talk to our customers about those services in the context of compliance with information and security best practices.
Six years ago, I joined the Xalient team, bringing experience managing large data centre environments and technical and operational teams for various managed service providers. Many of my customers ran heavily regulated services under the Financial Services Authority (FSA) as well as the National Cyber Security Centre Cyber Assessment Framework (CAF) and Payment Card Industry (PCI) Compliance. Helping those businesses and some of their customers attain certifications gave me the skills and knowledge to bring maturity to Xalient’s products and services.
At Xalient, we’ve always been driven to provide industry-leading services regardless of size. From very early on, we posited that being aligned (and Certified) to IEC/ISO27001 was a key requirement; we understood that not tackling information security in all that we did would have brought risk, not only to Xalient but also to our customers. We understand that providing our customers with information security assurance as a standard is a fundamental requirement, as it protects them and assures them that we are taking every necessary step to mitigate vulnerabilities and threats across our and our customers’ businesses. So, achieving our certifications wasn’t just about ticking a box but rather about demonstrating our commitment to information security and best practices so that our customers have peace of mind that they’re in safe hands.
I’m extremely proud to say that Xalient holds three major certifications:
- IEC/ISO20000:2018 for IT Service Management
- IEC/ISO27001:2013 for Information Security Management and
- The UK Government Certification scheme, Cyber Essentials
These certifications are a testament to our commitment to delivering exceptional service and ensuring the highest level of quality.
For our customers, these certifications provide a sense of trust and assurance, even before they’ve experienced our products or services and position us as a reliable and trustworthy partner in the IT service industry.
Xalient’s Certification and Accreditation
IEC/ISO20000:2018 – IT Service Management
In January 2023, Xalient was awarded the IEC/ISO20000 certification in IT Service Management for our Professional and Managed Services. As someone heavily involved in the process, I can say that it was quite a challenging but incredibly rewarding experience. The IEC/ISO20000 is an international standard for Service Management granted by the International Organisation for Standardisation (ISO) and the International Electrotechnical Commission (IEC). It required Xalient to undergo a rigorous review of our processes and procedures.
Over the last three years, we have worked hard to implement a robust service management framework, incorporating extensive controls, policies, documentation, and processes, as well as ongoing performance evaluations and continuous improvements to industry best practices. This certification is a testament to our team’s hard work and dedication, demonstrating that our Managed and Professional Services divisions align with all of the requirements for the IEC/ISO20000 standard. This certification evidences to our global customers that Xalient has the ability to align its procedures with international best practices and that we are committed to providing them with the highest level of service and support, something we are very proud of.
IEC/ISO27001:2013 – Information Security Management
We attained the IEC/ISO27001 accreditation in December 2017 and have maintained continued certification. This international standard for information security provides a systematic approach to managing and protecting sensitive information. As a company, we recognise that the protection of our customers’ information is paramount, and obtaining this certification was a natural progression in ensuring that we have robust information security measures in place.
Obtaining this was no easy feat. It required us to implement a complex policy and risk management framework, establish effective technical governance and controls, and carry out a staff awareness program to ensure everyone is trained to recognise and manage information security threats. We are incredibly proud to hold this certification, demonstrating our commitment to providing the best security for all our customers’ information and our dedication to continuously improving our processes and systems to stay ahead of ever-evolving cybersecurity threats.
Cyber Essentials
I am pleased to say that we have held Cyber Essentials certification for the past three years. This accreditation is an initiative supported by the UK Government and aims to safeguard businesses of all sizes from prevalent cyber-attacks. As part of our commitment to providing the highest level of security for our customers, we have implemented a comprehensive set of technical controls that are aligned with Cyber Essentials guidelines.
With this certification, Xalient can effectively defend against cyber-attacks, thereby preventing cybercriminals and other potential threats from targeting vulnerable areas. This gives our customers confidence that their defences are robust enough to withstand common cyber-attacks.
What’s next for Xalient?
As we prepare for the new UK Network and Information Systems (NIS) Regulations planned to go live in mid-2024, we are already adapting to the upcoming changes. Managed Service Providers like Xalient will be brought under the same regulations as essential services such as gas, water, and energy, which means we will have to ensure our internal cyber incident reporting systems meet the standards required to report to regulatory bodies such as Ofcom, Ofgem, and the ICO. This will place Managed Service Providers among the more highly regulated industries in terms of cybersecurity laws.
To comply with the new regulations, we are working to align our controls with the new IEC/ISO 27001:2022 standard launched in November 2022. This means we are adapting our existing controls and policies to support additional threat intelligence, define our use of cloud services, enable physical security monitoring, and more throughout 2023. By early adoption of the 2022 standard, we are further positioning ourselves as a trusted partner in the IT service industry, instilling confidence in our customers and setting us apart from the competition.
We are proud of our accomplishments and remain dedicated to continuously improving our processes and systems to stay ahead of the ever-evolving cybersecurity landscape. As we look to the future, we will continue to adapt and align ourselves with the latest industry standards, cementing our reputation as a leading provider of IT services.