When we talk about quality, we mean quality.

Everyone at ForGood.Tech has a strong belief in the company’s systems, accreditations and customer service, ensuring it will shine a light on the very culture of the business.

Our focus on quality encompasses many facets of the business, from providing a high-level service to charities and non-profits, through to maintaining heavy layers of protection to special category data, and enforcing our commitment to our key strategic partner, Microsoft.

To see a list of our accreditations that we proudly hold, please see below.

Cyber Essentials Plus

Why?

ForGood.Tech understands the importance of protecting customer data and ensuring the lowest possible risk of a data breach for our clients, many of whom in the charity/non-profit sector include special category data.

The delivery of project and managed services to clients requires a partner’s team members to have access to client data.

ForGood.Tech made the strategic decision that in addition to maintaining the ISO 27001:22 accreditation, we would further strengthen our approach to the handling of information and data with the Cyber Essentials Plus certification.

The Cyber Essentials scheme is a UK government-backed framework supported by the NCSC (National Cyber Security Centre). It sets out five basic security controls that can protect organisations against 80% of common cyber-attacks.

How?

The Cyber Essentials Plus scheme is designed to help organisations of any size demonstrate their commitment to cyber security, while keeping the approach simple. The certification process is managed by the IASME Consortium (IASME), which licenses certification bodies to carry out Cyber Essentials and Cyber Essentials Plus certifications.

Cyber Essentials Plus helps prevent around 80% of cyber-attacks.

By correctly implementing the five basic security controls, the Cyber Essentials scheme helps ForGood.Tech reduce the impact of such threats as:

  • Phishing attacks
  • Malware
  • Ransomware
  • Password-guessing attacks
  • Network attacks

ISO 27001:22 Accredited

Why?

At ForGood.Tech, safeguarding client data is a top priority — especially for our charity and non-profit partners who often handle sensitive, special category information. Our delivery of projects and managed services requires secure access to client data, and we take that responsibility seriously.

To reinforce our commitment, we’ve gone beyond Cyber Essentials Plus and adopted the internationally recognised ISO/IEC 27001:22 standard — the gold standard for Information Security Management Systems.

Unlike Cyber Essentials Plus, ISO/IEC 27001:22 offers a broader and deeper framework. It covers all aspects of information security across the organisation, not just IT systems, and requires a more rigorous and time-intensive implementation process.

How?

To maintain our ISO/IEC 27001:22 accreditation, ForGood.Tech undergoes annual external audits. We also maintain a comprehensive set of mandatory documentation, including:

  • Information security policies and objectives
  • Risk assessment and treatment plans
  • Scope of the ISMS
  • Statement of Applicability
  • Internal audit processes and results
  • Management review records
  • Corrective actions and non-conformity tracking
  • Operational controls and monitoring evidence

In addition to these core requirements, we proactively manage further controls such as:

  • Defined security roles and responsibilities
  • Asset inventories and classification schemes
  • Access control policies and IT operating procedures
  • Incident management and business continuity plans
  • Supplier security and regulatory compliance measures

ISO 27001:22’s mandatory documents include:

  • The scope of the ISMS
  • Information security policy
  • Information security risk assessment process
  • Information security risk treatment plan
  • The Statement of Applicability
  • Information security objectives
  • Evidence of competence
  • Documented info determined by the organisation as being necessary for the effectiveness of the ISMS
  • Operational planning and control
  • Results of the information security risk assessment
  • Results of the information security risk treatment
  • Evidence of the monitoring and measurement of results
  • A documented internal audit process
  • Evidence of the audit programs and the audit results
  • Evidence of the results of management reviews
  • Evidence of the nature of the non-conformities and any subsequent actions taken
  • Evidence of the results of any corrective actions

In addition to the mandatory documents, ForGood.Tech has also considered and manage the following additional controls:

  • Definition of security roles and responsibilities
  • An inventory of assets
  • Rules for the acceptable use of assets information classification scheme
  • Access control policy
  • Operating procedures for IT management
  • Logs of user activities, exceptions, and security events
  • Secure system engineering principles
  • Supplier security policy
  • Incident management procedure
  • Business continuity procedures
  • Statutory, regulatory, and contractual requirements

What?

ForGood.Tech has successfully implemented and continues to maintain ISO/IEC 27001:22 certification. This ensures we consistently apply best practices in data handling, security, and risk management — giving our clients confidence that their information is protected to the highest standards.

ISO 9001:15 Accredited

Why?

One of the four ForGood.Tech strategic board objectives is to deliver a world-class service which aligns with the ForGood.Tech shareholders’ common values, including always delivering on our customer commitments.

In many areas of the IT sector, providers adopt custom/individual approaches to service delivery and quality, which don’t always represent best practice.

At ForGood.Tech, we wanted to ensure that we were adopting best practices that were externally audited for quality management. We made the strategic decision to adopt the Gold Standard for Quality Management Systems ISO 9001:15.

How?

ISO 9001:15 is a globally recognised framework for quality management that helps organisations improve performance, streamline operations, and reduce costs. It is structured across ten clauses:

  • Clauses 0–3: Introduction, scope, references, and definitions — including the Plan-Do-Check-Act cycle and risk-based thinking
  • Clause 4: Context of the organisation — internal/external factors, stakeholder needs, and process mapping
  • Clause 5: Leadership and commitment — customer focus, quality policy, and role clarity
  • Clause 6: Planning — risk/opportunity management, quality objectives, and planning to achieve them
  • Clause 7: Support — resource management, infrastructure, work environment, competence, and communication
  • Clause 8: Operation — product/service planning, design, purchasing, delivery, and non-conformity handling
  • Clause 9: Performance evaluation — customer satisfaction, audits, process monitoring, and management reviews
  • Clause 10: Improvement — corrective actions and continual improvement of the QMS

What?

ForGood.Tech has successfully adopted and maintained ISO 9001:15, which requires regular external audits to ensure we are continuing to adopt best practices in our approach to quality management across the organisation.

Living Wage Employer

Why?

As part of our corporate social responsibility and values, ForGood.Tech wants to ensure every employee receives fair pay.

As part of this goal, ForGood.Tech has adopted The Living Wage as the only UK rate based on living costs. Based on the cost of living, the real Living Wage is voluntarily paid by over 11,000 UK employers who believe their workers should be paid a wage that meets our everyday needs.

 

How?

ForGood.Tech must demonstrate that the company pays at least the Living Wage to all of its employees, including contractors. ForGood.Tech has successfully met the requirements to be a Living Wage Employer.