In January, The Software Bureau’s cloud processing engine, SwiftCore, underwent a comprehensive data security audit and full penetration testing programme conducted by an independent information security specialist. We are proud to share that SwiftCore received a perfect bill of health, with only six very minor issues identified, all of which are already being fully addressed.
For us, this is more than a compliance exercise. It is a commitment to our clients, our industry and the data we all rely on every day.
Information Security Is Not Optional. It Is Foundational.
Across every sector, organisations depend on software suppliers to manage, process and safeguard sensitive information. That places software providers like us at the centre of the Information Security equation. When we take this responsibility seriously, the ecosystem becomes safer. When others do not, the consequences can be catastrophic.
Unfortunately, several recent UK incidents highlight what happens when software providers fail to take robust precautionary measures:
- DXS International, a UK-based healthcare technology supplier for NHS England, disclosed a cyberattack in December 2025. A ransomware group claimed to have stolen 300 GB of data, prompting regulatory scrutiny and investigations. [techcrunch.com]
- The UK Information Commissioner’s Office fined Advanced Computer Software Group £3 million following a ransomware attack that exposed data on roughly 80,000 individuals, partly because multi-factor authentication had not been implemented on a customer account. [securityweek.com]
- The ICO also fined LastPass UK Ltd £1.2 million for a breach compromising personal data of up to 1.6 million UK users, triggered by insufficient technical controls and exploitation of employee devices. [ico.org.uk]
These examples demonstrate a simple truth. If software suppliers do not actively maintain the highest IS standards, they put their customers and themselves at risk.
Comprehensive Due Diligence Must Be the New Minimum Standard
We firmly believe every business purchasing or relying on software should demand evidence of robust Information Security controls. That means:
- Regular third-party audits
- Penetration testing
- Transparent reporting
- Rapid remediation of any issues found
- Demonstrable adherence to industry frameworks and best practice
Supply chain attacks are rising sharply, with experts noting that over 40 percent of ransomware attacks originate from compromised third-party vendors.
If your suppliers are not undertaking IS due diligence, your company may already be carrying hidden and unnecessary risk. [cybernews.com]
Leading by Example
SwiftCore’s recent audit reaffirms our ongoing commitment to maintaining the highest possible standards of security. Just as importantly, we believe the whole market should aspire to the same level.
We want competitors, partners and industry peers to raise their standards. When poor security anywhere threatens businesses everywhere, we all share the risk.
Do Not Wait for an Incident to Expose a Weak Link
If your software suppliers are not conducting regular IS due diligence, you could be unknowingly putting your business, your clients and your reputation in jeopardy. The consequences of a breach can be severe, including operational disruption, regulatory fines, reputational damage and permanent loss of trust.
Need Help Strengthening Your Supplier Due Diligence?
If you would like support in designing or improving your Information Security due diligence surveys or supplier assessments, we can help.
Get in touch and let us work together to improve the security baseline across our entire industry. Protecting data is everyone’s responsibility, and those who fail to take it seriously may find themselves in deep trouble.