BITS Trust Centre
At BITS, we put security and compliance first to earn and keep your trust.
Our Certifications
ISO/IEC 27001
Information Security
Our ISO/IEC 27001 certification confirms we operate a structured Information Security Management System (ISMS) with regular audits.
What this means for you:
- Globally recognised best practices
- Structured risk mitigation
- Transparent, defensible controls
CyberCert SMB 1001: Diamond
Cyber Security Certification for SMBs
Only organisations holding the official SMB1001 Diamond Badge can certify other organisations as Diamond under the SMB1001 framework.
What this means for you:
- Validated cybersecurity controls
- Structured risk mitigation
Your Security, Our Priority
BITS operates a structured Information Security Management System (ISMS) that governs how we protect the confidentiality, integrity, and availability of information across our organisation.
Our ISMS Covers:
- Managed Services
- Cyber Security
- Professional Services
- IT Infrastructure and management systems
- User training and awareness campaigns
Executive leadership retains formal responsibility for ISMS performance and compliance.
What this means for you:
- Clear accountability for security at the executive level
- Structured information security governance
- Defined scope of security controls
- Continuous review and improvement
Governance & Risk Management
BITS maintains formal governance and risk oversight processes to identify, assess, treat, and monitor organisational risks.
Our ISMS Covers:
- A documented Information Security Management System
- A Risk Management Standard aligned to ISO 27001 principles
- Strategic and operational risk hierarchy
- Defined escalation and acceptance thresholds
- Director’s oversight of extreme risks
- Formal Risk Register and control assurance activities
What this means for you:
- Structured risk identification and mitigation
- Board-level visibility of material risks
- Clear escalation pathways
- Documented compliance governance
Security Operations & Technical Controls
Our operational security controls are governed by documented standards and procedures.
Vulnerability Management
- Automated vulnerability scanning
- Risk-based prioritisation
- Defined remediation processes
- Annual leadership review
Change Management
- Formal Change Advisory Board (CAB)
- Documented change requests
- Rollback planning
- Post-change review
Configuration Standards
- Baseline configuration requirements
- Endpoint and Microsoft 365 security controls
- Asset inventory management
- Privileged access restrictions
Data Backup & Recovery
- Defined backup schedules
- Retention controls
- Secure offsite storage
- Annual recovery testing
What this means for you:
- Proactive threat identification
- Reduced service disruption risk
- Controlled production changes
- Defined recoverability of critical systems
Incident Response & Business Continuity
Cyber Incident Response
BITS maintains a formal Incident Response Management Process with:
- Defined Incident Response Team (IRT)
- Severity classification model
- Six-phase response lifecycle
- Regulatory reporting pathways
- Post-incident review process
Material Event & Business Continuity
Our Material Event Plan (MEP) covers:
- Data breaches and cyber attacks
- Sustained IT or communications failures
- Denial of access to premises
- Loss of key personnel
- Defined Recovery Time Objectives (RTO)
- Executive-led crisis coordination
What this means for you:
- Structured and documented incident handling
- Executive oversight during major events
- Defined recovery pathways
- Transparent communication processes
Supply Chain & Third-Party Security
BITS applies structured due diligence and monitoring to all supplier relationships.
Our supply chain framework includes:
- Supplier criticality assessment (High / Medium / Low)
- Data sensitivity and access classification
- Contractual security and breach notification obligations
- Annual reassessment of suppliers
- Ongoing monitoring of supplier risk posture
What this means for you:
- Reduced third-party risk exposure
- Structured supplier onboarding
- Defined security obligations in contracts
- Continuous monitoring of vendor risk
Data Protection & Responsible Technology
Secure Disposal
- Cross-cut destruction of physical records
- Secure wiping of digital media
- Certified destruction providers
- Verification and documentation of disposal
Mobile & Remote Work Security
- Encryption requirements
- Device management controls
- Access restrictions
- Secure remote working standards
Responsible AI Usage
- Restricted AI tool approval
- Data protection alignment (APP & NDB)
- Prohibited public AI usage without approval
- AI risk assessment framework
- Monitoring and audit controls
What this means for you:
- Controlled handling of sensitive data
- Secure remote operations
- Responsible adoption of emerging technologies
- Reduced data leakage risk
Document Library
The following governance and security documents are available to support due diligence, procurement reviews, and compliance assessments.
Security Operations
Let’s Talk Trust
Want to know more about how we protect your data?
Our team is here to answer any questions about our certifications, security practices, and how we help your business stay compliant and secure.
