Security & Accreditations

The importance of IT security 

Overview 

Without reliable security measures in place, companies face a range of looming risks from data leaks to cyberattacks. At Objectivity, we know how important security is to our clients because we ask — and listen. We approach security from a holistic standpoint, ensuring our clients’ initiatives are safeguarded against any potential threats during the entire engagement, and after their solutions are launched. 

3-phase approach to IT security 

Secure operations & infrastructure

Discovery

• NFR gathering, including security needs, e.g. identity & access management, data protection & data security, regulations (e.g. GDPR)
• Agreeing preventative security measures 

Development

• Security design, utilising dedicated cloud security services
• The identification of allowed third-party and open-source software libraries & frameworks
• Establishing secure networking, environments, and CI/CD pipelines
• Conducting regular code reviews, including security reviews
• Automated scans of code and Docker images in Continuous Integration (SonarQube, Kiuwan)
• Quality assurance, including OWASP recommendations, security tools, and penetration testing (Burp, Zap)

Support & Maintenance

• Monitoring and alerting on security-related issues
• Regular security scans
• Vulnerability management

In line with our holistic approach, our dedicated teams guarantee the utmost security of our clients’ software solutions during every stage of the delivery process — both in terms of operations and infrastructure. 

The appropriate measures are first agreed during the Discovery phase, they are then implemented during the Development stage, and their efficacy is closely monitored as part of our Support services once the project ends. 

Our approach 

Objectivity’s security management 

Striving to make our software delivery even better, we decided to develop our dedicated Information Security Management System. Our security practices are verified by external auditors annually and by our clients on a daily basis. The lessons we learn are immediately implemented and become part of our efforts to continually improve our security management processes. 

How we guarantee the security of our clients’ assets: 

• Controlled hardware environment (laptops and mobile devices) 
• Central identity and access management with Multi-Factor Authentication and processes for granting and revoking access 
• Granular level of authorisation (in repositories, project backlogs & environments) 
• Automated software upgrades 
• Regular incoming email scans 
• Regular software scans focused on allowed applications and vulnerability management 
• Centrally managed security practices enforced and maintained by a proactive, dedicated security team, led by CISO involved in education, consultancy, warnings, and issue fixing 
• Compliance with NHS Data Security and Protection Toolkit: Organisation Search (dsptoolkit.nhs.uk) 

Security certifications 

Accreditations 

At Objectivity, we pay special attention to safeguarding the security of our and our clients’ assets. We have various company-wide standards in place, and we undergo regular, independently-led audits. 

Aside from the ISO27001 and ISO9001 accreditations, we have also been awarded with the Cyber Essentials Plus certification, which sets the standard for security practices, as defined by the UK public sector. The “Plus” in “Cyber Essentials Plus” means that our security configuration is regularly verified by an independent certification body, making us a reliable and trustworthy partner for both public and private sector clients. 

From day one, we strive for excellence in our security practices, working in line with our established approach to security management and achieving the industry’s most important accreditations.