Skip to main content
Our Blog

Exprodo Software achieves ISO 27001 certification

  • Published: 07 January 2026
  • Author: Paul Robinson, CEO & Brian Sharland, CISO

In September 2025, Exprodo Software achieved ISO 27001 certification. This post explains what that means, why we pursued it, and what it means for organisations using or evaluating Calpendo.

What is ISO 27001?

ISO 27001 is the international standard for information security management systems (ISMS). It provides a framework for how organisations should manage and protect information assets.

Certification isn't self-declared. It requires an independent audit by an accredited certification body, who assess whether your policies, processes, and controls meet the standard's requirements. Maintaining certification requires ongoing surveillance audits to ensure continued compliance.

Our certification was conducted by ISOQAR, a UKAS-accredited certification body.

The standard covers areas including:

  • Information security policies and governance
  • Risk assessment and treatment
  • Access control
  • Cryptography
  • Physical and environmental security
  • Operations security
  • Communications security
  • Supplier relationships
  • Incident management
  • Business continuity

Why we pursued certification

Two reasons: customer requirements and our own commitment to doing things properly.

Over the past few years, we've seen a clear shift in procurement requirements across the higher education and research sectors. Security questionnaires have become longer and more detailed. More institutions now require suppliers to hold recognised certifications rather than simply describing their practices.

ISO 27001 has become a common requirement in tenders and vendor assessments. Although security questionnaires remain a common process during procurement, certification provides independent verification that we meet an internationally recognised standard and therefore will speed up and simplify our ability to demonstrate adherence to those standards.

But beyond procurement requirements, we believe it's the right approach. Calpendo systems hold booking data, user information, project details, in some cases financial records for research facilities as well as potentially many other categories of data covered by information security and data protection laws and standards. That data deserves to be protected by properly managed, audited security practices and not just good intentions.

What the certification covers

Our ISO 27001 certification covers the entire scope of Exprodo Software's operations:

Software development: How we design, build, test, and release Calpendo. This includes secure coding practices, code review processes, and change management.

Hosting and infrastructure: How we manage the servers and infrastructure that run hosted Calpendo systems. This includes access controls, patching, monitoring, and incident response.

Data handling: How we protect customer data at rest and in transit, including encryption, backup procedures, and data retention practices.

Access management: How we control who within our team can access what, including authentication requirements, role-based permissions, and access reviews.

Supplier management: How we assess and manage the security practices of our own suppliers and service providers.

Business continuity: How we ensure Calpendo remains available and how we would recover from significant incidents.

What this means for Calpendo users

If you're an existing customer, you now have a certified supplier for your vendor management records. When your IT security or procurement team asks for evidence of supplier security practices, we can provide our ISO 27001 certificate along with supporting documentation.

If you're evaluating facility management systems, our certification should simplify your assessment process. While you may still have specific questions about how Calpendo handles particular scenarios, the certification confirms that our underlying security management practices meet an internationally recognised standard.

For institutions that require ISO 27001 certification from suppliers, we now meet that requirement.

View our certificate

Our ISO 27001 certificate is available to view here: 

View Certificate

Requesting further documentation

If you have questions about our security practices or need additional documentation for a vendor assessment, contact us at This email address is being protected from spambots. You need JavaScript enabled to view it..

For those completing security questionnaires, we're happy to provide further detail or arrange a call to discuss specific requirements.

Click Icon Logo

Ready to Learn More?

To begin exploring the powers of Calpendo, please click below to arrange an online demonstration with one of our Support Specialists, or start a free trial of the most powerful and intuitive Core Facility Management System.

Book a Demo