We’re delighted to share some big news: Gemstone has achieved ISO/IEC 27001 certification.

Information security has always been central to how we work — particularly supporting public-sector organisations and mission-critical services. ISO 27001 is an internationally recognised standard for information security management, and this certification reflects the strength of the controls, processes and culture we’ve built across the business.

What ISO/IEC 27001 means

ISO/IEC 27001 is a framework for systematically managing information security risks. It covers how an organisation designs, implements, monitors and improves an Information Security Management System (ISMS).

In practice, it requires clear evidence of things like:

  • Risk assessment and ongoing risk treatment

  • Security policies and training

  • Access control and secure ways of working

  • Supplier and third-party management

  • Incident response and continual improvement

  • Governance, accountability and auditability

It’s not a one-off badge — it’s a commitment to a security management system that’s reviewed and improved over time.

Why we pursued certification

Our work spans websites, applications and data platforms. Across all of it, we’re trusted with sensitive information, and we take that responsibility seriously.

ISO 27001 helps formalise and strengthen what we already value:

  • Consistency: the same strong approach across every project and team

  • Assurance: independent validation of how we manage security

  • Maturity: a framework that supports continuous improvement

  • Confidence: for clients, partners and stakeholders

What this means for our clients

For organisations working with Gemstone, this certification provides added assurance that:

  • We operate within a structured, risk-managed security framework

  • Security is embedded into delivery — not bolted on at the end

  • We have defined processes for governance, incident handling, and continual improvement

  • We can support procurement and compliance requirements more effectively

In short: it’s another step forward in delivering secure, reliable digital services you can depend on.

What’s next

Certification isn’t the end — it’s the foundation. We’ll continue strengthening our ISMS, improving controls, and keeping security aligned to evolving risks and client needs.

If you’d like to understand what this means for your project, supplier requirements, or governance standards, we’re happy to talk.

Get in touch to discuss secure delivery, hosting, managed IT, or compliance-led digital transformation.