ISO/IEC 27001:2022 (Information Security Management System)

In March 2024 Tiger  successfully transitioned to the 2022 standard for our ISO/IEC 27001 certification from British Standards Institution (BSI), confirming our commitment to ensure that our customer data is protected.

ISO/IEC 27001:2022 is the globally recognised standard for information security management systems (ISMS). It provides guidance for organisations of all sizes and across various sectors to establish, implement, maintain, and continually improve their information security practices. The standard takes a holistic approach, addressing people, policies, and technology to enhance information security.

We have always prioritised the protection, integrity, and confidentiality of customer data. Even before the introduction of the latest ISMS, we had already implemented a comprehensive range of security measures. Tiger Prism was developed with stringent controls, anticipating requirements outlined by ISO/IEC 27001. Additional controls in the new 2022 standard confirm the effectiveness of our cloud security, threat intelligence, and ICT continuity readiness; while information deletion and data loss prevention (DLP) are covered in new information handling controls.

The adoption of ISO/IEC 27001 and Tiger’s subsequent certification underscore our unwavering commitment to safeguarding customer data. Our existing ISMS was robust, and the certification now validates its strength in addressing new areas of information security.

To pursue the policy, we shall:

• Ensure that all information, including internal, third party, personal and electronic data, is treated with complete confidentiality
• Maintain integrity of all such information
• Ensure that our information system and the information contained meet the needs of our core and supporting business operations
• Comply with all applicable statutory and regulatory requirements
• Safeguard security of our information assets through effective business continuity management
• Make information available with minimum disruption
• Increase staff awareness of information security management through education and training
• Perform reliable access control to protect our information system against unauthorised access.

Under this policy

• All breaches of information security, actual or suspected, will be reported to and investigated by authorised persons on the ISMS team
• The ISMS team is responsible for documenting and maintaining the Information Security Management System
• Information Security documents not limited to Policies and Procedures, will be made available online through an intranet system to support the ISMS
• All line managers shall implement the policy within their departments and ensure that every staff member adheres to the policy
• This policy has been approved by Tiger’s Board of Directors. It will be reviewed, and if necessary revised, annually to keep up to date and is available via our company website.

FSQS Registered

Tiger has registered and qualified for FSQS, Third Party Risk Management and Compliance for the Financial Services Sector.

FSQS (Financial Services Qualification System) is a community of financial institutions including banks, building societies, insurance companies and investment services, collaborating to agree a single standard for collecting the increasing amount and complexity of third party information needed to demonstrate compliance to regulators, internal policies and governance controls. You can find out more about FSQS here, and more about FSQS-NL here.

Benefits for buyers include:

• Easier regulatory requirement
  Comprehensive, accurate and regular updated insight into third party risk
• Single source of truth
  Thousands of third parties in a single, searchable, reportable and easily accessible system
• Reduced procurement timescales
  Instant access to third party information, reducing the time needed to qualify new suppliers or renew contracts.

• High quality validated information
  We check all third party information in accordance with a consistent objective and continually updated process
• Cost and resource efficient
  Costs are shared amongst community members, significantly reducing the cost of an in-house solution
• Peer network
  Access to the combined experience and resources of other members in the community with shared goals and challenge.