All aspects of tolomy’s Assured Cloud platform are underpinned and independently verified by a comprehensive set of globally accepted assurance certifications and accreditations. This is primarily because tolomy’s sister company, Acentria IT, is a security consultancy with security and assurance embedded at its core.

tolomy’s services are assessed against recognised international standards ISO9001, ISO20000 and ISO27001, and are subject to regular audits, assessments and inspections by certification bodies, regulators and accreditors as well as being governed by the CESG Listed Advisors. tolomy is a UK company, based in Crawley West Sussex.


tolomy’s Cloud Services are fully underway for accreditation to PSN and PGA, all infrastructure is suitable for supporting IL0-IL2 protectively marked data and soon to be IL3. This accreditation requires demonstration of a robust risk management system, which meets the stringent requirements specified by CESG and the PSNA. tolomy undergoes IT Security Health Checks undertaken by a CHECK approved company.

Compliance & Governance

tolomy takes Information Security, IT Service Management and Quality seriously. Our dedicated service management compliance officers have significant experience in successfully delivering certified management systems, ensuring that they encompass developing best practices.

Information Security Management (ISO27001)

Security and assurance is the fabric of our business, it is in the company’s DNA. tolomy therefore, is ISO27001 certified and its Information Security Management System (ISMS) is based upon a robust framework of information security policies and procedures.

Cyber Essentials Scheme

tolomy promotes the Cyber Essentials Scheme with rigour and are undergoing both the Cyber Essentials Basic and Cyber Essentials Plus certification. This Certification was introduced by UK Government in 2014 to reduce cyber risks across all organisations and helps to safeguard the country’s growing digital economy. The assessment is focused on the configuration and management of tolomy’s ICT systems, end-user devices, and seeks to identify whether they could be compromised by various cyber-attack scenarios.