ISO 27001:2022 is the international standard for establishing, implementing and continually improving an Information Security Management System (ISMS). Acuigen first achieved ISO 27001 certification in 2018 and has successfully maintained certification through annual re‑certification, demonstrating our ongoing commitment to protecting confidential information and managing information security risk.
What is ISO 27001?
ISO 27001 requires senior management to:
- Identify and assess information security risks systematically, taking into account threats, vulnerabilities and potential impacts
- Design and implement proportionate security controls (and other risk treatments) to reduce identified risks to acceptable levels
- Operate an ongoing management framework to ensure that controls remain effective and aligned to business, client and regulatory requirements
The standard takes a risk‑based approach to information security, ensuring controls are practical, relevant and embedded into day‑to‑day operations.
Scope of our ISO 27001 Certification
The scope of Acuigen’s ISO 27001 certification covers an ISMS supporting:
- Research and client feedback interviewing services, including:
- Face‑to‑face interviews
- Telephone research
- Web‑based surveys
- International and multilingual research and feedback programmes
- Qualitative and quantitative research methodologies
- Customer opinion tracking studies
- Data modelling and analysis
- Design, development and hosting of research and insight software
- Customer relationship management
- Project management
This scope supports both our research services and CustomServe insight technology.
Independent Assessment
As part of our ISO 27001 certification, Acuigen undergoes a comprehensive annual independent assessment, conducted by SGS United Kingdom Limited.
Our most recent re‑certification audit took place in February 2026, providing independent assurance that our information security controls and governance arrangements remain robust, appropriate and effective.
ISO 9001, ISO 20252 and ISO 27001 - What’s the difference?
Our 3 ISO standards address different but complementary aspects of how we deliver quality, conduct research and protect information:
- ISO 9001 is a quality system that ensures that clients receive a great service and that our service and products are continually improved. We define the internal quality systems and ensure that we deliver to them for the 2 certified scopes (research and software development/hosting of services). ISO 9001 takes a risk assessment and mitigation approach to managing quality.
- ISO 20252, in contrast to ISO 9001, is a ‘best of class’ prescriptive standard that defines standard practices and requirements according to the research methodology being used. For example, when undertaking telephone interviews, the standard defines the minimum number of interviews that have to be validated per interviewer and the methods of assuring the quality of their work.
- ISO 27001 is an information security standard that uses a risk assessment and mitigation approach in the same manner as ISO 9001. An information security management system (ISMS) is set up with circa 93 different controls (listed in ISO 27002) to cover different areas of risk, including people, organisation, physical and technology risks.
UKAS Accreditation - Why is it so important?
Our certification processes are accredited by the United Kingdom Accreditation Service (UKAS), the UK government‑appointed body responsible for assessing organisations that provide certification services. UKAS is also a signatory to international accreditation agreements, enabling the mutual recognition of certifications globally.
Only UKAS‑accredited certification bodies have been formally assessed by the UK’s national accreditation authority. Certification issued by non‑accredited bodies may not be subject to the same level of independent oversight or international recognition.