
Trust & Compliance

Our Information Security Management System.

VeritasIQ operates a 44-policy ISMS mapped to ISO/IEC 27001:2022 Annex A, UK GDPR, applicable regional data protection regulations and the NIST AI Risk Management Framework. This page summarises our control environment. Subscribers on Starter, Professional, Newsroom or Enterprise plans can access the full versioned policy pack. Procurement and audit teams may also request the complete evidence library.

ISO/IEC 27001:2022

Aligned; Stage 1 target Q4 2026

UK ICO registration

ZC117933

Data Protection

Multi-jurisdiction compliance framework

Data in transit

TLS 1.2+, HSTS enforced

Data at rest

AES-256, managed keys

Governance model

Human-in-the-loop on every material output

Policy domains

The ISMS is organised into six policy domains. Each policy is versioned, approved by the Information Security Committee and reviewed at least annually.

Governance & Risk

Subscriber
  • Information Security Policy (VIQ-POL-001)
  • Risk Management Policy & Methodology (VIQ-POL-002 / 003)
  • ISMS Scope, Objectives & RACI (VIQ-POL-004)
  • Supplier & Third-Party Risk Policy (VIQ-POL-005)

Data Protection

Subscriber
  • Data Protection Policy (UK GDPR) (VIQ-POL-010)
  • Data Retention & Disposal Policy (VIQ-POL-011)
  • Data Subject Request Procedure (VIQ-POL-012)
  • DPIA Framework & Template (VIQ-POL-013)
  • International Data Transfer Policy (VIQ-POL-014)

Information Security

Subscriber
  • Access Control Policy (VIQ-POL-020)
  • Cryptography Policy (VIQ-POL-021)
  • Acceptable Use Policy (VIQ-POL-022)
  • Secure Development Policy (VIQ-POL-023)
  • Change & Release Management Policy (VIQ-POL-024)
  • Vulnerability & Patch Management (VIQ-POL-025)

Operations & Resilience

Subscriber
  • Incident Response Policy & Playbook (VIQ-POL-030 / 031)
  • Business Continuity & Disaster Recovery Policy (VIQ-POL-032)
  • Logging & Monitoring Policy (VIQ-POL-033)
  • Backup Policy (VIQ-POL-034)

People

Subscriber
  • HR Security & Screening Policy (VIQ-POL-040)
  • Security Awareness & Training (VIQ-POL-041)
  • Code of Conduct (VIQ-POL-042)
  • Remote & BYOD Policy (VIQ-POL-043)

AI Governance

Subscriber
  • Responsible AI Policy (VIQ-POL-050)
  • Human-in-the-Loop Controls (VIQ-POL-051)
  • Model Access & Secret Handling (VIQ-POL-052)
  • Evaluation, Bias & Red-Team Policy (VIQ-POL-053)

Audit & evidence requests

Procurement, risk and audit teams can request a compliance pack containing our ISMS statement of applicability, current DPIA summaries, supplier register, penetration-test executive summary and regional data protection localisation plans. Turnaround is typically one UK business day.