ISO 27001

What is ISO 27001 and why is it important?

ISO 27001 is an internationally recognised standard for Information Security Management Systems (ISMS) that helps organisations protect sensitive information, comply with regulations, mitigate risks, ensure business continuity, gain a competitive edge, and build trust with stakeholders.

Scope of Certification

At Auto Finance Technology Ltd, we prioritise the security and integrity of your information. We are proud to be ISO 27001 certified, underscoring our unwavering commitment to safeguarding sensitive data and ensuring the highest standards of information security. Our certification covers the following areas.

With Auto Finance Technology Ltd, you can trust that your information is in safe hands. Our ISO 27001 certification reflects our unwavering commitment to securing your data, protecting your interests, and maintaining the highest standards of information security. We are dedicated to ensuring the confidentiality, integrity, and availability of your data in every aspect of our operations.

We specialise in the development, deployment, and maintenance of our innovative Customer Relationship Management (CRM) platform. This platform is tailored specifically for motor dealers and car finance brokers, enabling them to streamline their operations and enhance customer relationships.

Our primary operations extend across various locations, including remote and on-site settings relevant to critical activities. Our reach encompasses wherever our services are provided, ensuring the consistent application of robust information security practices.

Your data is our priority. Our Information Security Management System (ISMS) safeguards all digital and physical information assets associated with our CRM platform. This includes customer data, software code, documentation, and various other relevant resources.

We are committed to complying with all applicable legal and regulatory requirements, including the rigorous standards set forth by the UK General Data Protection Regulation (UK GDPR). This compliance ensures the highest level of data protection and confidentiality.

Our dedication to information security extends to our interactions with external parties, which include broker and lender integrations, customers, and partners. We maintain the highest standards of data security in all our collaborations.

While our certification encompasses a broad spectrum of activities, certain external services, such as telecommunications and hosting, fall outside the scope of our ISO 27001 certification. Nevertheless, these services are subject to contractual information security requirements to maintain the security and confidentiality of your data.


Benefits of ISO 27001

ISO 27001 is an internationally recognised standard for information security management systems. Implementing ISO 27001 can bring several significant benefits to both customers and partners in the UK, including:

Improved Data Security

ISO 27001 helps establish robust information security controls and practices, reducing the risk of data breaches and unauthorised access to sensitive information.


Risk Management

ISO 27001 encourages the identification, assessment, and mitigation of information security risks systematically. This proactive approach reduces the likelihood of security incidents.


Data Integrity

ISO 27001 ensures the accuracy and reliability of data. This standard provides guidelines for data backup, recovery, and change management, helping to prevent data corruption and loss.


Regulatory Compliance

ISO 27001 is designed to align with various data protection regulations, such as the GDPR in the EU and the Data Protection Act in the UK. Compliance with ISO 27001 can simplify the process of meeting regulatory requirements.


Enhanced Confidentiality

ISO 27001 promotes the classification and protection of confidential data, ensuring that only authorised personnel can access and handle sensitive information, which is crucial for maintaining trust.


Increased Trust and Reputation

ISO 27001 certification serves as a symbol of our dedication to information security. Customers and partners can have greater confidence in our ability to protect their data, which can enhance trust and reputation.


Streamlined Communication

ISO 27001 provides a structured framework for information security management, which makes it easier for organisations to communicate their security practices and policies to customers and partners.


Continuous Improvement

ISO 27001 promotes a culture of continuous improvement in information security. Regular audits and reviews help identify areas for enhancement, ensuring that security measures remain up to date and effective.


Commitment to Data Protection

We have implemented stringent security measures to safeguard sensitive information. These measures include encryption, access controls, and regular security audits. Our ISO 27001 certification reflects our commitment to maintaining the confidentiality and security of your data.

Maintaining data integrity is a core value. We employ comprehensive data validation and quality control measures to ensure that your data is accurate, consistent, and reliable. Our ISO 27001 certification also encompasses data integrity management as a critical aspect of information security.

We understand the importance of data availability. Our systems are designed for resilience, with redundancy and backup mechanisms in place to ensure uninterrupted access to your data. ISO 27001 includes measures for business continuity and disaster recovery, which further enhance data availability.

We are committed to continual improvement in our information security practices. Our ISO 27001 certification is not just a milestone but a part of an ongoing journey to enhance the security, integrity, and availability of your data.

Your trust is invaluable to us. Our ISO 27001 certification serves as a testament to our dedication to earning and maintaining your trust. We are honoured to have the opportunity to serve you with the highest standards of data security, integrity, and availability.


Independent Verification

Our ISO 27001 certification can be independently verified on the International Accreditation Forum (IAF) website. The IAF is a global association that maintains a directory of accredited certification bodies and their certifications. You can review the details of our ISO 27001 certification by visiting the IAF website.

It's important to note that the IAF (International Accreditation Forum) and UKAS have a Multilateral Recognition Arrangement (MLA) in place. This means that UKAS accredited conformity assessment bodies (CABs) are automatically recognised by the IAF, and vice versa. Therefore, an ISO 27001 certificate issued by a UKAS accredited CAB is equivalent to an IAF Verifiable ISO 27001 Certificate.

Security Practices

At Auto Finance Technology Ltd, we take information security seriously. Our commitment to safeguarding your data and ensuring the confidentiality, integrity, and availability of your information is at the core of our operations. Here are some of the key security practices that set us apart:

Compliance and Audits

Our Commitment to Compliance and Audits

At Auto Finance Technology Ltd, we are dedicated to maintaining the highest standards of compliance and undergoing regular audits to ensure the security and integrity of your data. Here's an overview of our compliance and audit practices:


AutoFintech FAQs

Here are some common questions and answers regarding our commitment to data protection:

ISO 27001 is an international standard for managing information security. It provides a framework for establishing, implementing, maintaining, and continually improving an Information Security Management System (ISMS). The certification demonstrates that an organisation has identified its risks, assessed their implications, and put in place systematic controls to limit any damage to the organisation.

The importance of ISO 27001 certification lies in its comprehensive approach to securing the confidentiality, integrity, and availability of corporate information. It's crucial for protecting sensitive data, complying with legal requirements, enhancing customer and stakeholder confidence, managing and mitigating risks effectively, and securing an organisation's information assets.

ISO 27001 benefits customers by ensuring that their data is handled securely and confidentially. This certification reassures customers that the organisation adheres to the highest standards for information security, thereby reducing the risk of data breaches and increasing trust in the organisation's ability to safeguard sensitive information.

As a company certified in both Cyber Essentials and ISO 27001, our compliance with UK GDPR is grounded in robust cybersecurity and data management practices. Cyber Essentials certification demonstrates our commitment to fundamental cybersecurity measures, protecting data from common online threats. ISO 27001, with its focus on information security management, ensures that we have comprehensive systems and controls in place to protect the confidentiality, integrity, and availability of personal data.

Specifically, we adhere to UK GDPR by conducting regular data protection impact assessments, ensuring that personal data is processed lawfully, transparently, and for specified purposes. We maintain stringent data security protocols, including encryption and access controls, to safeguard data. Additionally, we ensure ongoing staff training in data protection, have clear procedures for responding to data breaches, and uphold individuals' rights concerning their data. Our dual certification underpins these efforts, reflecting our holistic and proactive approach to data security and compliance.

Under the requirements of ISO 27001, Cyber Essentials, and UK GDPR, our security practices are audited and improved on a regular basis to ensure ongoing compliance and optimal data protection. Specifically:

ISO 27001: This standard necessitates an annual surveillance audit with a comprehensive re-certification audit every three years. Additionally, it requires regular internal audits and management reviews to ensure the Information Security Management System (ISMS) remains effective and responsive to changes.

Cyber Essentials: While this certification is renewed annually, we continuously monitor and update our cybersecurity measures in line with evolving threats and technological advancements.

UK GDPR: Although there is no fixed audit schedule mandated by UK GDPR, we conduct continual assessments of our data processing activities. We conduct regular reviews of our data protection practices, including impact assessments for new projects and periodic audits to ensure GDPR compliance.

Overall, our commitment to these standards involves a continuous process of monitoring, reviewing, and improving our security practices to stay aligned with the latest threats and regulatory requirements. This approach ensures not only compliance but also a high level of security and the continued trust of our customers.

Two-factor authentication (2FA) is a security process in which users provide two distinct forms of identification to access a service or system. Typically, this involves something they know (like a password) and something they have (such as a mobile device or security token). In our organisation, we implement 2FA across all supplied CRM platforms and portals to ensure robust access controls. This additional layer of security is crucial for protecting sensitive data and preventing unauthorised access.

In the motor finance industry, many portals unfortunately still do not include two-factor authentication, which we view as a significant security risk. Recognising the potential vulnerabilities this poses, we strictly require all our customers and employees to use 2FA when accessing our systems. This policy not only aligns with best practices in cybersecurity but also demonstrates our commitment to safeguarding our clients' and company's sensitive information. By insisting on 2FA, we significantly enhance the overall security of our digital interactions and transactions.

This is an integral part of its broader framework for establishing, implementing, operating, monitoring, reviewing, maintaining, and improving an Information Security Management System (ISMS).