Compliance is crucial to the work we do at Xpress. For details of our accreditations see below. Please contact us if you have any questions.
We have an Information Security Management System (ISMS) which has been independently certified by BSI as compliant with the requirements of ISO27001 for the scope of managing personal data on behalf of our clients.
Cyber Attacks exploit weaknesses in IT systems and software. ERS and the ERS Group are proud to have certificates of assurance with the Cyber Essentials scheme. This provides assurance that our ICT defences have been assessed as satisfactory against commodity based cyber attack. We monitor and reassess these regularly.
We are PCI-DSS compliant and hold certification with ICO for data protection.
It is imperative all work undertaken by The ERS Group is carried out in compliance with all relevant confidentiality and information security policies. All data stored/processed and associated with the delivery of the services for which we have been appointed will be undertaken in accordance with these and the requirements of the relevant current data protection legislation in force.
Data Protection Act
We are registered as an authorised ‘Data Controller’ under the Data Protection Act 1998. The Data Protection Act gives rights to individuals in respect of the personal data held about them. Further information can be found in our privacy statement. The ERS Group’s Data Protection Officer can be contacted at:
Association of Electoral Administrators
As supporters of the AEA, we are proud to have 13 active members who hold the AEA Certificate.