ISO 27001 & 9001 Certified | OpenKit

OpenKit has ISO 27001 certification for information security management and ISO 9001 certification for quality management, both UKAS-accredited via Alcumus ISOQAR. OpenKit is also Cyber Essentials certified and GDPR compliant. OpenKit provides certified AI and software development services from Cambridge, UK.

UKAS-accredited software development.

Security and quality, audited to internationally recognised standards. We work to the same control set our auditors check us against, every year.

Certificate: Joint ISO 27001 & 9001
Issued by: Alcumus ISOQAR, UKAS-accredited body

Security and quality, audited together.

ISO 27001 and ISO 9001 sit on the same control set, so the security review and the delivery review are carried out by one auditor, in one cycle.

  • UKAS-accredited certifications recognised internationally
  • Quality assurance documented across the delivery lifecycle
  • Government-backed security standards for public-sector work

Our certifications

ISO 27001:2022 certification
Cert. 24112 Alcumus ISOQAR · UKAS-accredited
Information security management

ISO 27001:2022

UKAS-accredited certification through Alcumus ISOQAR. Covers our ISMS, risk-treatment plan, supplier controls and incident response. Audited annually with a full re-certification cycle every three years.

  • Information security management system
  • Documented risk treatment & supplier controls
  • Annual surveillance audits, 3-year re-certification
ISO 9001:2015 certification
Cert. 24112 Alcumus ISOQAR · UKAS-accredited
Quality management

ISO 9001:2015

UKAS-accredited quality management system. Sits alongside ISO 27001 so security and delivery quality are audited against the same control set, not as separate disciplines.

  • End-to-end delivery process documented
  • Customer-feedback loop on every engagement
  • Continuous improvement reviewed at audit

Government-backed security and data protection.

Cyber Essentials clears UK public-sector supplier requirements. GDPR controls govern every data handling decision. Innovate UK is where we run grant-funded R&D under the same evidence-led approach.

UK government-backed baseline

Cyber Essentials

Demonstrates the five technical controls the UK government expects of any supplier handling public-sector data: secure configuration, boundary firewalls, access control, malware protection, and patch management.

Verify certificate

Data protection by default

UK GDPR

Every project ships with a documented data-handling plan: what data is processed, where it lives, retention periods, lawful basis, and the route to erasure. UK regions only, unless a client explicitly opts otherwise.

R&D-grade engineering

Innovate UK partner

Delivery partner on Innovate UK-funded projects. Brings the same evidence-led approach to grant-funded R&D as we do to commercial production work.

Why our certifications matter.

The point of a UKAS-accredited certificate is that the audit is independent. The point for you is that it cuts the work in procurement.

UKAS accreditation means

  • Internationally recognised standards
  • Rigorous third-party audit
  • Annual surveillance and re-certification

What this gives you

  • Procurement clears faster on regulated tenders
  • Public-sector eligible by default
  • Documented artefact trail on every project

Audited, evidenced, re-signed.

Our certifications are not a certificate on the wall. UKAS auditors revisit annually, processes are reviewed and re-signed each cycle, and every certificate is checkable directly with the issuing body. We send signed PDFs and the latest surveillance audit on request as part of due diligence.

Procurement questions, answered.

What does ISO 27001 actually cover for our project?

Information security across the full delivery lifecycle: how data moves between our environment and yours, how access is granted and revoked, how secrets are stored, what happens on an incident, and how subcontractors (we use none) are managed. Each project gets a tailored statement of applicability before scoping work begins.

Are the certificates UKAS-accredited?

Yes. ISO 27001 and ISO 9001 are both certified through Alcumus ISOQAR, which is accredited by UKAS, the UK national accreditation body recognised under ISO/IEC 17021-1. Many AI vendors hold ISO certificates issued by non-UKAS bodies, which carry less weight in UK public-sector procurement. Ours do not.

Do you have SOC 2 or HIPAA?

No. We are honest about scope: OpenKit holds ISO 27001, ISO 9001 and Cyber Essentials, and is GDPR-compliant. We do not claim SOC 2, HIPAA, FedRAMP or PCI-DSS, and will tell you upfront if a regulated workload genuinely requires those frameworks rather than mapping equivalents.

Where does our data live?

UK regions by default — primarily AWS London (eu-west-2) and the equivalent on other UK-resident clouds when needed. Data does not leave the UK unless you explicitly choose an alternative region and we document the lawful basis for the transfer.

Can we see the certificates?

Yes, on request as part of due diligence. We will send the signed PDFs, the statement of applicability, and our latest surveillance audit report. The Cyber Essentials certificate is publicly verifiable via the link on this page.
