RefTech is celebrating a decade of ISO 27001 certification - the internationally recognised gold standard for information security. This milestone confirms RefTech’s commitment to keeping client and employee data secure through robust, continually improving systems that have become embedded in the day-to-day running of the business.
“Ten years ago, achieving ISO 27001 was a huge project,” says Penny Sellers, Sales and Operations Director and joint Compliance Manager at RefTech. “We already had strong systems in place, but we had to elevate everything to the next level to ensure full compliance – from refining processes and policies to enhancing staff training and physical infrastructure. Today, it's second nature. Our systems and procedures are so ingrained that new staff don’t even realise they’re following ISO standards – it’s simply how we work.”
ISO 27001 is awarded to companies that establish, implement, maintain and improve an Information Security Management System (ISMS) that covers everything from technical measures such as encrypted networks and secure data storage, to physical access controls, CCTV, alarms and strict internal permissions.
“It’s not just about protecting client data,” says Sellers. “It covers all data, including our own employee records. Everything from how we onboard staff to how we handle incoming client delegate data is governed by our ISMS.”
Over the years, ISO standards have evolved. RefTech moved from the 2013 version to the 2017 standard, and now operates under the 2022 revision, but the principle has remained the same: a rigorous, evidence-based audit of how the company protects its information.
Annual independent audits ensure compliance. Auditors are on-site for two days, testing everything from business continuity plans to staff awareness. “They can ask any member of staff a question,” says Sellers. “Everyone has to know their role in keeping data secure.”
Despite widespread recognition of the ISO standard, Sellers notes that only a small percentage of clients specifically seek out suppliers with the certification. More often, it’s once the relationship is underway that the security questions begin. “We get asked to complete increasingly detailed supplier questionnaires. Having ISO helps, but some clients still want extensive extra information.”
RefTech was the first registration company to gain ISO 27001 and remains one of the few to have retained it for a full decade. “Plenty of suppliers claim to be secure, but ISO 27001 proves it. We’re proud to have maintained this standard for 10 years. It shows our clients that security isn’t just a box to tick, it’s a fundamental part of who we are,” concludes Sellers.
Companies wanting to know more about RefTech’s decade of ISO certification can visit stand C44 at Event Tech Live – 12th & 13th November, Excel London.
Published by Neil Thompson, 11th November 2025