Information Security & IT Resource Hub
Secure. Transparent. Trusted
Your legal and governance work deserves secure software. Whether you’re managing legal matters or regulatory processes – your data needs protection, and your team needs confidence. Iken Cloud is built to support your compliance needs from day one.
Lorem
Lorem
Lorem
We design and deliver secure systems that align with recognised public sector standards – so you can focus on the work that matters.
This hub brings together everything you need to know about how Iken Cloud delivers security, compliance, resilience and integration – with direct links to our guidance, policies, and certifications.
NCSC Cyber Security Guidelines
1.1 Risk Management
Risk-based thinking is embedded across everything we do – from architecture design to change control.
1.2 Engagement & Training
We follow BPSS-aligned onboarding, run mandatory cyber training, and maintain robust access policies.
1.3 Asset Management
All infrastructure assets are tracked, security baselined, and monitored within Microsoft Azure.
1.4 Architecture & Configuration
From network hardening to structured environment separation, Iken Cloud is configured for protection.
1.5 Vulnerability Management
Vulnerability detection, alerting, and response are managed via Azure tools and proactive patching.
1.6 Identity & Access Management
Granular AD integration, Super User access roles, SSO, and MFA support keep data locked down.
1.7 Data Security
We encrypt all data in transit, store all client data in the UK, and support retention and access control.
1.8 Logging & Monitoring
Audit logs, scheduled tasks and alerting modules support full oversight and event management.
1.9 Incident Management
We operate a tried-and-tested Business Continuity and Disaster Recovery Plan for resilience.
1.10 Supply Chain Security
Every supplier is reviewed for risk, with preferred certification to ISO27001 and strict integration controls.
NCSC Cloud Security Principles
Iken Cloud fully supports the NCSC Cloud Security Principles. Below is a summary of how we comply – with links back to the 10 Steps framework:
1. Data in transit protection: Iken Cloud protects data in transit through SQL and SMB encryption and TLS1.2.
2. Asset protection and resilience: Encrypted backups, UK failover, Azure-hosted.
3. Separation between customers: Multi-tenancy ensures isolation of client data.
4. Governance framework: ISO27001-certified Information Security Management System.
5. Operational security: Logging, signed integrations, Azure security, proactive patching.
6. Personnel security: BPSS checks, policy training, least-privilege principles.
7. Secure development: Secure by Design and Agile lifecycle integration.
8. Supply chain security: Reviewed vendors, ISO27001 advocacy, signed scoped integration.
9. Secure user management: AD-based roles and elevated permission management.
10. Identity and authentication: SSO and MFA available; Windows Authentication throughout.
11. External interface protection: All APIs scoped, encrypted, and monitored.
12. Secure service administration:
Admin access separated, timebound and secured with MFA.
13. Audit information and alerting: Integrated reporting modules and real-time monitoring.
14. Secure use of the service: Secure defaults and built-in archiving and onboarding support.
Certification & Frameworks
Data Protection & Privacy
Availability, Resilience & Continuity
99.5% uptime, with plans to increase
UK-based Azure infrastructure with geo-failover
Regular DR testing and active business continuity measures
Accessibility & Portability
WCAG 2.1 AA compliant (Iken Cloud + Website)
Optimised for desktop, mobile, and tablet
Accessible anywhere with proper authentication
Our IT Strategy
Stability – Reliable systems for long-term use
Security – Embedded throughout every layer
Support – Responsive, informed, client-focused help
Strategy – Futureproofed and built for innovation
“Iken’s IT Strategy provides the technology, capacity and security for long-term growth and leadership in centralised business information systems.”
Phil Coleman
Chief Information Officer
