Since 1991, Quest, the team now known as AIMS Software Ltd, has driven continual quality improvement in both our practice and our software. We are formally audited and certified compliant with the following ISO standards.
ISO/IEC 27001:2013 Information technology – Security techniques – Information security management systems
ISO/IEC 27001:2013 specifies the requirements for establishing, implementing, maintaining and continually improving an information security management system. It also includes requirements for the assessment and treatment of information security risks tailored to the needs of AIMS grant management software and our AIMS clients.
The ISO 27001:2013 standard requires specific controls and processes for:
- Information security in project management
- Secure development and system change control
- Secure system engineering principles
- Secure development environment
- System security testing
- System acceptance testing
Successful surveillance audit, conducted October 2019
‘The organisation has developed a practical yet robust ISMS which is mitigating ISMS risk within their risk acceptance criteria. The internal IT expertise ensures that effective use of IT tools and techniques in the management of IS is evident.’ External auditor, October 2019
ISO 9001:2015 Quality management systems
This standard is the current version, last reviewed and confirmed by ISO in 2021.
ISO 9001:2015 specifies requirements for a quality management system to demonstrate our ability to consistently provide the AIMS products and services. It also requires that we enhance client satisfaction through the effective application of the system, including processes for improvement and the assurance of conformity to meet our client, statutory and regulatory requirements.
The quality management principles required are:
- leadership
- customer focus
- engagement of people
- relationship management
- evidence-based decision making
- process approach and continual improvement
Successful transition audit, conducted January 2017
‘The QMS has effectively addressed the requirements of ISO9001:2015. The monitoring and measurement capability introduced to the QMS has introduced an enhanced transparency to the effectiveness to the system.’ External auditor, January 2017
Data Protection and GDPR compliance
Extensive penetration and security testing of each AIMS release ensures we make every effort to provide a highly secure solution to organisations. We understand that the privacy of personal data is core to our clients’ purpose. We are registered as a Data Processor with the Data Protection Commissioner and would respond as per the established Personal Data Security Breach Code of Practice.
Protection of customer personal data and intellectual property is a mandatory requirement of both our ISO standards.
- ISO 27001:2013 Information Security Management System (Clause A.18.1.4 Privacy and protection of personally identifiable information)
- ISO 9001:2015 Quality Management System (Clause 8.5.3 Property belonging to customers or external providers)
The functions provided by AIMS support your compliance with data protection regulations, including the EU General Data Protection Regulation (GDPR).
The AIMS solution itself is fully compliant with GDPR requirements:
- AIMS cookie information is visible in the application footer
- other client-specific privacy notices and terms can be added to the page footer
- all cookies are deleted when a session ends
- the session timeout is configurable and is set to 30 minutes by default
- ticking ‘Remember my login on this computer’ remembers your password for up to 7 days
- passwords can be forced to update after a set period
Product features specifically designed to support personal data protection include:
- any data field on a client-configurable form can be flagged as personal data
- external users can consent to storage of their personal information
- internal users can view their personal data consent and communication consent flags
- users can view their full profile and application personal data
- external users can cancel their draft applications
In addition, we are proud that AIMS grant management software gives users full control of their personal data at all stages. We provide the functionality for consent to be requested when and where it is required. We understand that data protection is an organisation-wide issue, and we provide transparency in the collection, storage and use of data and in its security. AIMS allows internal users to cancel applications in batch and to obfuscate user data on request or in batch, supporting the right to be forgotten and efficient archiving of data, alongside our data security functions.