ISO 27001 — Information Security
How QEHS supports a customer's ISO 27001 ISMS with evidence artefacts, and how QEHS itself is operated under ISO 27001 controls (our certification posture).
Overview
ISO 27001:2022 is the international standard for information security management. The certified entity maintains an Information Security Management System (ISMS) and applies controls from Annex A.
Our posture
- The QEHS platform is operated under an ISO 27001 ISMS. The certificate is available on request or in the Trust Center.
- Annual surveillance audits are carried out by an accredited registrar.
- Shared responsibility model — customer owns identity, access, and their tenant data; we own platform confidentiality, integrity, and availability.
Supporting your ISMS
For customers running their own ISMS, QEHS modules can host the asset inventory, risk register, Statement of Applicability (SoA), control evidence, awareness training records, and internal audit programme. The Documents module enforces versioned approval for policies, and the Audit log is tamper-evident (hash-chained, with 1–7 years of retention).