Our security standards

We hold ourselves to a high standard. At FlexMR, we understand the importance of data security and make every effort to ensure that the customer data held on our systems is fully protected.

To achieve this, we have developed and implemented an Information Security Management System (ISMS) to ensure legal, regulatory and contractual compliance. The Information Security Policy includes a framework for setting information security objectives and commits to continual improvement of the ISMS. The policy is authorised under the signature of the Managing Director and compliance with the policy is mandatory.

Regular audits and reviews

An Information Security Forum meets to review and control information security on a quarterly basis. Chaired by our Managing Director and attended by the Information Security Officer and representatives from key departments, the Information Security Forum ensures that information security is at the heart of all business activities.

Two recognised certifications

FlexMR holds both the ISO 27001:2013 and Cyber Essentials Plus certifications. These are Internationally recognised standard-specific requirements in security management and define comprehensive security controls. In achieving these certifications, we gladly commit to continually managing information security in accordance with recognised and audited best practices.

ISO 27001: 2013

We adhere to the ISO/IEC 27001:2013 specification that governs the requirements for establishing, implementing, maintaining and continually improving an information security management system.

Cyber Essentials Plus

Cyber Essentials is a UK government-backed scheme from the National Cyber Security Centre, awarded to organisations that pass the rigorous, independently verified, certification process.

Data classification

All information we handle is classified in terms of value, legal requirements, sensitivity and criticality. We have developed a detailed set of procedures for labelling and handling to complement this, and provide training to both staff and suppliers.

External parties

Before we work with any third parties, we undertake due diligence. We always request written assurances and carefully assess the level of risk associated with any third-party relationships. All third-party relationships are bound by a contractual duty of confidentiality and due dilligence is reviewed on an annual basis.

Hosting and access control

The FlexMR InsightHub platform, and associated systems, are hosted in an EU data centre that meets ISO 27001 access control requirements. All data processing occurs within the European Union. We also maintain formal procedures to control access to systems and data alike. USA based hosting can be arranged upon request.

More information

A detailed overview of our key policies and procedures can be found below. This includes information on our approach to contingency planning, incident response, web development and meeting the standards set out by international regulatory bodies.

General data protection regulation

FlexMR complies with all applicable GDPR provisions and works together with customers and partners to address contractual obligations for products and services. To date, FlexMR has implemented appropriate technical and organisational measures, including the appointment of responsible officers within the business to manage and deliver Data Protection and Information Security, to ensure as a Data Processor it meets the requirements of GDPR.

We appreciate the impact of GDPR on our customer base, and our partners. We are working with all parties involved to provide technical solutions that support our clients' GDPR obligations. If you have any questions relating to the approach FlexMR follows to data protection and security, please contact your account manager or the nominated Data Protection Officer who can be reached at dpo@flexmr.net

Further information on data protection

We recognise that data security is a large deciding factor for both stakeholders and research participants when choosing a research partner, which is why we have devised robust policies and procedures to help keep the sensitive data of all parties involved safe and sound.

Our dedicated information security officers are constantly on the lookout for the best safeguards to install, the safest software to use, and the best policies to implement to make sure that we commit to our promise to keep your data secure. For more information on our policies and procedures, please contact our information security team or download our dedicated brochure.

The growing awareness of consumer rights has led to increased clarity around research data. Working to high standards of data security, and building inclusive research communities are the keys to building trust in market research.

Information Security Officer, FlexMR

Empower better decisions

We have developed a game-changing insights empowerment framework that addresses the three major pressures placed on modern insight teams. We use the framework to construct bespoke partnership programmes - delivering measurable business value through agile research technology and a flexible approach to supporting services. Is your brand ready to take the first step towards insights empowerment? Find out what we can do for you on the pages below, or get in touch today.

Get in touch

Got questions for us or simply want to know more? Schedule a call with our team of research experts to see how we can help you streamline, scale and supercharge insights.

InsightHub platform

The InsightHub platform powers exceptional online research. Conduct surveys, focus groups, diaries and creative qual all from within a single, integrated space.

Expert services

Our services span a full and diverse spectrum. We offer everything from dedicated platform support and research education to in-depth consulting, project implementation and insight delivery.

Get email updates

Your details

By signing up you agree that we can process your information in accordance with our privacy policy.