Securing the future: Loop Horizon achieves ISO 27001 accreditation

We’re proud to announce that we been certified to ISO/IEC 27001:2022 - the internationally recognised standard for Information Security Management, marking a significant milestone in our commitment to protecting the data our clients trust us with.

Why information security matters to us

At Loop Horizon, data is at the heart of everything we do. We work with leading enterprise brands to unlock the power of their customer data and that means our clients are placing considerable trust in us every day. Analytics datasets, marketing platforms, campaign data: all of it requires the highest standards of care, confidentiality, and control. ISO 27001 isn’t just a badge. It’s a framework that demands we prove, to an independent auditor, that we have the right people, processes, and controls in place to manage information security risks systematically and continuously.

We took that challenge seriously.

The journey to certification

Our path to certification was a structured, organisation-wide programme spanning several months:

• ‍Building the foundations:  We established a formal Information Security Management System (ISMS), led by our Finance Director and Director of Operations, and supported by external specialist consultants Integrity DSC Ltd.
• ‍Developing our documentation and controls:  We built a comprehensive suite of ISMS policies and procedures with all documentation version-controlled and hosted within a dedicated ISMS site.
• ‍Internal audits:  Two independent internal audits were conducted in November and December 2025 by Robert Brown, an ISO 27001 Senior Lead Auditor at Integrity DSC Ltd. These ensured we were fully prepared for external assessment and gave us the confidence to identify and address any gaps before the certification audit. ‍
• External certification audit:  In January 2026, our Stage 2 certification audit was conducted by Lead Auditor Catriona Koris of Tempo Audits — a three-day remote assessment covering every clause of the ISO/IEC 27001:2022 standard. The auditor found our ISMS to be “in a good state of readiness” with “well-documented policies” and a “strong commitment to information security” from our senior leadership team.  

What certification means in practice

ISO 27001 isn’t a one-time exercise. It embeds a culture of continuous improvement into how we run our business. For Loop Horizon, that means: ‍

• ‍Ongoing risk management: Our information security risks are assessed using a structured 5×5 impact-likelihood matrix, with all high risks tracked to treatment and residual risk reviewed by leadership. ‍
• Staff training and awareness: All employees complete information security induction and annual refresher training. We also run regular phishing simulation campaigns to keep awareness sharp and measurable. ‍
• Supplier assurance: All critical third-party suppliers are assessed for security compliance, with formal due diligence and contractual controls in place. ‍
• Annual surveillance audits: Our next audit is already scheduled for December 2026, ensuring our certification remains active and our ISMS continues to improve.

Embracing AI responsibly

As a data and analytics consultancy, we are active adopters of AI tools to enhance the quality and efficiency of our work. We use AI to support internal operations, speed up research, and improve the quality of the work we deliver for clients. We take this seriously. Our ISMS framework includes consideration of the risks introduced by AI and emerging technologies, and we are actively monitoring both the EU AI Act and UK regulatory developments to ensure our use of AI remains compliant, ethical, and secure. We do not use AI tools in ways that compromise the confidentiality of client data.

What’s next: further accreditations

ISO 27001 is the cornerstone of our security programme, but it’s only part of the picture. We are actively exploring the adoption of further accreditations to deepen and broaden our security posture: ‍

• ‍Cyber Essentials: The UK government-backed certification that demonstrates we have the fundamental technical controls in place to protect against the most common cyber threats. Achieving Cyber Essentials (and Cyber Essentials Plus) would complement ISO 27001 by providing a clear, independently verified baseline of our technical hygiene. ‍
• ISO 42001: The emerging international standard for AI Management Systems. As AI becomes increasingly central to our work and to our clients’ expectations, ISO 42001 would provide a structured framework for governing how we develop, deploy, and oversee AI responsibly. We are watching the rollout of this standard closely and regard it as a natural next step given our investment in AI-enabled delivery.

A Note of Thanks

Achieving this certification was genuinely a team effort. Thank you to everyone at Loop Horizon who contributed, particularly Chris Field, Sarah Astbury Ethan James, Prithvi Banerjee, and Nicholas Edwards, who participated in the audit alongside our ISMS team and to Integrity DSC Ltd for their expert guidance throughout.

We’re proud of what we’ve built and we’re committed to making it better, year on year.