Aetopia re-certified to ISO 27001:2022

Continuous ISO 27001 certification since 2018, now updated to the latest international standard.

Aetopia has been re‑certified to ISO/IEC 27001:2022, the current version of the international standard for information security management systems. The new certificate came into effect on 12 May 2025.

Aetopia has held ISO 27001 certification continuously since 1 May 2018. The latest audit transitions the company from the previous 2013 revision of the standard to the 2022 edition, which was updated to reflect changes in the modern threat landscape — including new controls around cloud services, threat intelligence, data leakage prevention, and information security during ICT readiness for business continuity.

Scope of certification

The certification covers information security for the design, development, deployment, support, and hosting of Aetopia’s digital asset management and digital evidence management software applications. The scope spans the sectors Aetopia serves, including law enforcement agencies, scientific and public archives, healthcare and the NHS, museums and heritage, marketing and distribution, digital publishing, media and broadcast, and education.

The certification is independently audited and awarded by BM TRADA, a UKAS-accredited certification body.

Why this matters to customers

Many of the organisations Aetopia supports — public bodies, cultural institutions, regulated industries, and law enforcement agencies — operate under strict information security, records management, and data protection obligations. Continuous ISO 27001 certification, re-certified under the current version of the standard, gives those customers a recognised, independently audited assurance that Aetopia’s information security management system is fit for the data they entrust to it.

This certification sits alongside Aetopia’s Cyber Essentials certification and its listing on the UK Government’s G-Cloud framework.