At Thesis SM, providing Student Information System software to UK Higher Education institutions means information security is more than a priority for us - it’s a responsibility. Protecting sensitive student and institutional data is fundamental to what we do, which is why we set out to achieve ISO 27001:2022 certification, the internationally recognised standard for Information Security Management Systems (ISMS).
Why We Needed ISO 27001 at Thesis SM
As a cloud-based provider, we are entrusted with handling critical data every day. To strengthen this trust, we needed a formal and structured framework that would:
- Demonstrate our security capabilities to customers and prospects.
- Strengthen internal governance and controls across people, processes, and platforms.
- Support our compliance position in tenders and supplier assurance reviews.
How Thesis SM Achieved It
This wasn’t just about meeting a checklist; it was a strategic transformation for Thesis SM. We focused on building an information security foundation that was robust, scalable, and aligned to industry best practices.
Some of the key steps we took included:
- Leveraging Microsoft Azure’s native security services for better visibility, scalability, and compliance alignment.
- Centralising monitoring and logging using Azure Monitor and Log Analytics for full system oversight.
- Implementing proactive threat detection and real-time alerting to enable swift incident response.
- Strengthening encryption and key lifecycle management through Azure Key Vault.
- Retiring non-standard tools to simplify our environment and ensure enterprise-grade controls.
- Embedding a culture of security awareness across Thesis SM with regular, accredited third-party training.
We validated these efforts through a comprehensive two-stage external audit, assessing both our system’s design and its operational effectiveness.
The Result
In 2025, Thesis SM achieved ISO 27001:2022 certification. The auditors even remarked on the maturity of our ISMS - a significant accomplishment for our first certification.
The benefits for Thesis SM have been clear:
- Stronger positioning in procurement and compliance-led markets.
- Increased customer confidence in our data handling and security practices.
- Enhanced operational resilience through tighter controls and greater visibility.
- A repeatable framework for continuous improvement, with surveillance audits scheduled through to 2028.
Our certification scope proudly covers:
“The development, provision, and support of Student Information System software to UK Higher Education institutions.”
What’s Next
For us at Thesis SM, ISO 27001 isn’t a milestone - it’s part of an ongoing commitment. We’ll continue refining and evolving our information security practices with regular internal reviews and independent audits to ensure we’re always moving forward.
If you’d like a copy of our ISO 27001:2022 certificate for procurement or compliance purposes, contact us at hello@thesiscloud.com.
About the author:
Mark Smith – Director of IT & Cloud Services
I am a visionary IT leader with 20 years’ expertise in cloud strategy, cybersecurity, and SaaS transformation. I have led large-scale Azure migrations and ISO 27001 compliance. I am passionate about aligning technology with business goals to drive security, scalability, and efficiency while fostering high-performing teams.
The best part of working at Thesis is the excellent team - talented, collaborative, and dedicated to delivering market-leading solutions. There's a shared passion for innovation and customer success, making it a great environment to grow and contribute. The teamwork and commitment to excellence are what keep me here.
I’m most proud of Thesis SM’s scalability and cloud-hosted architecture, ensuring reliability and performance for universities of all sizes. It’s designed to meet the complex needs of higher education, providing a flexible and future-proof solution that empowers institutions to manage their operations efficiently and adapt to evolving demands.