Information security at BMJ Group
We take information security seriously by protecting the confidentiality, integrity, and availability of the data entrusted to us by our clients, partners, and employees.
Our security framework is built around internationally recognised standards and best practices, ensuring that information is managed securely across our organisation.


Our certifications & standards
ISO 27001
We are certified to ISO 27001, the international standard for information security management systems (ISMS). This demonstrates our structured, risk-based approach to managing information security and continual improvement of our controls.
Cyber Essentials Plus
We hold Cyber Essentials Plus certification, independently verified through external testing. This confirms that we have effective technical controls in place to protect against common cyber threats.

Security practices
We conduct regular independent penetration testing to identify and address potential vulnerabilities. Findings are reviewed and remediated as part of our ongoing security improvement programme.
Our information security programme includes, but is not limited to:
- Regular risk assessments and internal audits
- Access controls based on least-privilege principles
- Secure system configuration and patch management
- Ongoing staff security awareness training
- Incident detection, response, and reporting procedures
We continuously review and improve our security posture to address emerging threats and evolving regulatory requirements.

