
Security Policy:

Smokeball is proud to be an ISO 27001 certified organisation, demonstrating our commitment to maintaining the highest standards of information security. This internationally recognised certification reflects our dedication to protecting our clients' sensitive data and upholding their trust.

We understand that safeguarding information assets is essential to our reputation and the strength of our business relationships. In response to the evolving cybersecurity landscape, Smokeball has implemented comprehensive and robust security measures to protect both our solutions and information assets.

Information security is embedded in every aspect of our operations. Our ISO 27001-certified framework underpins the stringent security practices and secure information handling protocols applied across all areas of our business. This reinforces our commitment to treating client data with the same level of care and protection as our own critical information.

Clients can be confident that Smokeball prioritises the confidentiality, integrity, and availability of their information—backed by globally recognised standards.

We acknowledge that effective information security is a collaborative effort. As such, Smokeball works closely with our clients, third-party partners, and stakeholders to ensure a comprehensive approach to data protection.

This shared responsibility model allows us to maintain a robust security posture while delivering exceptional service to our clients.

Responsibilities of Smokeball:
  • Smokeball is responsible for safeguarding the infrastructure supporting our services.
  • Smokeball is responsible for securing clients' and partners' data in accordance with relevant laws, Smokeball's security standards, and any agreements with the clients or partners.
Responsibilities of the clients, third parties and partners:
  • Our clients, partners and other third parties are responsible for various security configuration and management tasks, such as choosing secure passwords, not sharing passwords, setting up multi-factor authentication (MFA), managing user permissions, and assessing their own technology-related risks.
  • They are also responsible for ensuring their clients' data is protected and meeting any security requirements imposed by Smokeball.
  • They are responsible for securing their computers and other end user devices. All information on those devices (including cached data from any application) is vulnerable to attack unless proper security controls and protections are implemented.
Security Governance and Framework

Our Information Security Management System (ISMS) is certified to the ISO 27001 standard and encompasses comprehensive policies, processes, and controls that protect data confidentiality, integrity, and availability. The framework aligns with Annex A control requirements, which provide a structured approach to access management, data protection, system resilience, and continual improvement.

AWS Security and Compliance

Smokeball’s solutions are hosted on Amazon Web Services (AWS), leveraging AWS’s globally recognised compliance posture. AWS maintains certifications and compliance programs including ISO 27001, ISO 42001, SOC 1, SOC 2, PCI DSS, and GDPR alignment, ensuring our infrastructure adheres to the highest security standards. Our environment benefits from AWS’s multi-layered security model and tools, including virtual firewalls, web application firewalls, intrusion detection, and continuous monitoring to prevent, detect, and respond to potential threats proactively.

Data Protection and Encryption

We employ industry-leading encryption mechanisms to secure data in transit and at rest. All sensitive data is encrypted using AES-256 encryption, ensuring confidentiality and protection from unauthorised access. Communication between systems is secured using TLS 1.2+ to prevent interception during transmission, maintaining integrity and authenticity throughout the data lifecycle.

These measures ensure that your sensitive information is protected from unauthorised access at all times.

Account Security and Access Controls

In alignment with ISO 27001 Annex A controls, Smokeball implements strict access management practices:

  • Multi-factor authentication (MFA) adds an extra layer of protection to account login.
  • Role-based access control (RBAC) enforces least-privilege principles.
  • Periodic reviews of user privileges and account activity are carried out.
  • Automated monitoring and alerts flag unauthorised and abnormal access attempts.

These controls strengthen identity verification, protect against identity theft and unauthorised access, reduce insider threats, and enhance overall account security.

Smokeball AI Privacy and Security

Smokeball AI capabilities (including Archie AI) are designed and operated to protect the confidentiality, integrity and availability of customer data and to support privacy requirements by limiting AI access to authorised users, authorised matters and authorised firm environments.

  • Firm‑level isolation: Each firm’s data is logically isolated. Archie AI can only access your firm’s data and cannot access or learn from other Smokeball firms.
  • Matter‑level control: Archie AI operates within a single matter context and is designed not to cross-reference or mix information across separate matters.
  • User‑based permissions: Only users who already have permission to access a matter can use Archie AI for that matter. This is consistent with access-control expectations found in common security assurance frameworks (e.g., ISO 27001 and SOC 2).
  • No third‑party model training: Smokeball does not provide customer data to third parties for AI model training or third‑party AI modelling. (This supports purpose limitation expectations and reduces the risk of secondary use or disclosure under privacy legislation.)
Service Resilience and Availability

Smokeball’s solution is built for resilience. Smokeball’s infrastructure is architected across multiple AWS Availability Zones, delivering high availability and resilience against service disruptions. This geographical redundancy ensures continuous uptime, disaster recovery capabilities, and minimal impact from regional outages — providing uninterrupted service reliability for all clients.

Continuous Improvement

Security at Smokeball is never static. We continually enhance our controls and practices through regular audits, assessments, penetration testing, compliance reviews, security awareness training for all staff, and incident response planning and readiness, all of which support the continual improvement of our security posture.

Smokeball’s commitment to information security ensures our clients can operate with confidence, knowing their data is protected by robust controls and a certified management framework.

How to contact us

If you have any questions about our security practices or would like to report a concern, please email infosec@smokeball.com.

Questions?

This statement reflects the security policy of SMOKEBALL and is regularly reviewed and updated. It should be regarded as the primary source of truth regarding security within SMOKEBALL.

For any further questions, please email info@smokeball.co.uk or call us on 0800 208 8184.