Accreditation

Since 1991 Quest, and the team now known as AIMS Software Ltd, has driven continual quality improvement in both our practice and software. We are formally audited and certified compliant with the following ISO standards.

ISO/IEC 27001:2013 Information technology – Security techniques – Information security management systems

ISO/IEC 27001:2013 specifies the requirements for establishing, implementing, maintaining and continually improving an information security management system. It also includes requirements for the assessment and treatment of information security risks tailored to the needs of AIMS grant management software and our AIMS clients.

The ISO 27001:2013 Standard requires specific controls and processes for:

  • Information security in project management
  • Secure development and system change control
  • Secure system engineering principles
  • Secure development environment
  • System security testing
  • System acceptance testing

Successful surveillance audit, conducted October 2019

‘The organisation has developed a practical yet robust ISMS which is mitigating ISMS risk within their risk acceptance criteria. The internal IT expertise ensures that effective use of IT tools and techniques in the management of IS is evident.’ External auditor, October 2019

ISO 9001:2015 Quality management systems

This standard is the current version, last reviewed and confirmed by ISO in 2021.

ISO 9001:2015 specifies requirements for a quality management system to demonstrate our ability to consistently provide the AIMS products and services. It also requires that we enhance client satisfaction through the effective application of the system, including processes for improvement and the assurance of conformity to meet our client, statutory and regulatory requirements.

The quality management principles required are:

  • leadership
  • customer focus
  • engagement of people
  • relationship management
  • evidence-based decision making
  • process approach and continual improvement

Successful transition audit, conducted January 2017

‘The QMS has effectively addressed the requirements of ISO9001:2015. The monitoring and measurement capability introduced to the QMS has introduced an enhanced transparency to the effectiveness to the system.’ External auditor, January 2017

Data Protection and GDPR compliance

Extensive penetration and security testing of each AIMS release ensures we make every effort to provide a highly secure solution to organisations. We understand that the privacy of personal data is core to our clients’ purpose. We are registered as a Data Processor with the Data Protection Commissioner and would respond as per the established Personal Data Security Breach Code of Practice.

Protection of customer personal data and intellectual property is a mandatory requirement of both our ISO standards.

  • ISO 27001:2013 Information Security Management System (Clause A.18.1.4 Privacy and protection of personally identifiable information)
  • ISO 9001:2015 Quality Management System (Clause 8.5.3 Property belonging to customers or external providers)

The functions provided by AIMS support your compliance with data protection regulations, including the EU General Data Protection Regulation (GDPR).

The AIMS solution itself is fully compliant with GDPR requirements:

  • AIMS cookie information is visible in the application footer.
  • Other client-specific privacy notices and terms can be added to the page footer.
  • All cookies are deleted when a session ends.
  • Session timeout is configurable, but it is set to 30 mins by default.
  • Tick ‘Remember my login on this computer’ to remember your password for up to 7 days.
  • Passwords can be forced to update after a period.

Product features specifically designed to support personal data protection include:

  • any data fields on client configurable forms can be flagged as personal data
  • external users can consent to storage of their personal information
  • internal users can view their personal data consent and communication consent flags
  • users can view their full profile and application personal data
  • allow external users to cancel their draft applications

In addition, we are proud that AIMS grant management software allows users full control of their personal data at all stages. We provide the functionality for consent to be requested when and where required. We understand that data protection is an organisation-wide issue, and we provide transparency in collection, storage and use of data and its security. AIMS allows internal users to cancel applications in batch and to obfuscate user data on request or in batch, supporting the right to be forgotten and efficient archiving of data, which works alongside our data security functions.
