ISO27001 Certification

Lorem ipsum dolor sit amet, consectetuer adipiscing elit. Lorem ipsum dolor sit ame. Lorem ipsum dolor sit amet, consectetuer

BS EN ISO/IEC 27001:2017 Compliance


Brookes is certified as compliant to BS EN ISO/IEC 27001:2017 by the British Assessment Bureau. (certificate number  215312)

It is the policy of Brookes to maintain an Information Security Management System (ISMS) designed to meet the requirements of ISO 27001 in pursuit of its primary objectives, purpose and context of the organisation. 

It is the policy of Brookes to: 

  • make the details of our policy known to all other interested parties including external where appropriate and determine the need for communication and by what methods relevant to the ISMS.  
  • comply with all legal requirements, codes of practice and all other requirements applicable to our activities; therefore, as a company, we are committed to satisfy applicable requirements related to information security and the continual improvement of the ISMS.
  • provide all the resources of equipment, trained and competent staff and any other requirements to enable these objectives to be met;
  • ensure that all employees are made aware of their individual obligations in respect of this policy;
  • maintain a management system that will achieve these objectives and seek continual improvement in the effectiveness and performance of the ISMS based on “risk”.

This ISMS provides a framework for setting, monitoring, reviewing and achieving our objectives, programmes and targets. 

To ensure the company maintains its awareness for continuous improvement, the business management system is regularly reviewed by our senior management team to ensure it remains appropriate and suitable to our business.  The ISMS is subject to both internal and external annual audits. 

Scope of the Policy  

The scope of this policy relates to use of the database and computer systems operated by the company in pursuit of the company’s business of providing software services to the Supply Chain sector. Where appropriate, it also relates to external risk sources including functions that are outsourced.