Metro attains Government-backed Cyber Essentials certification

Metro has achieved Cyber Essentials certification, the UK Government-backed baseline for protecting organisations against the most common cyber threats.

Achieving Cyber Essentials builds on our ISO/IEC 27001:2022 certification awarded in July, reinforcing a layered, standards-led approach to information security across our operations and supply chain.

With business and procurement leaders reporting a marked rise in attacks and cascading disruption risks. Strengthening first-line cyber controls at each node in the chain is now a business continuity priority, not just an IT task. Our Cyber Essentials certification evidences robust baseline controls, while ISO 27001 provides the governance, risk and assurance framework above them.

Cyber Essentials focuses on five technical controls proven to block or defend against the most prevalent cyber-attacks:

• Firewalls & internet gateways to prevent unauthorised access
• Secure configuration of devices, software and services
• User access control with least-privilege principles and strong authentication
• Malware protection to detect and stop malicious code (including ransomware)
• Patch management to close known vulnerabilities promptly

Certification is independently assessed and renewed annually, driving continual improvement and accountability.

A continuum of assurance

• ISO/IEC 27001:2022 (achieved July 2025) sets the overarching Information Security Management System (ISMS) covering policy, risk assessment, controls and audit.
• Cyber Essentials complements this with mandated, practical safeguards at the device and network edge. A tangible signal to customers that foundational defences are in place and verified. 

UK guidance continues to emphasise board-level accountability for cyber resilience, reflecting the escalating tempo and impact of attacks. Metro’s combined certifications align with this direction of travel and with customer expectations for measurable, third-party-validated controls across their logistics partners.

What customers can expect

• Trusted handling of data and systems across bookings, visibility tools and integrations
• Consistent security standards applied to partners and internal processes
• Ongoing improvement via annual Cyber Essentials renewal and ISO 27001 surveillance

Cyber Essentials certification is a further step in our long-term programme to deliver secure, technology-driven solutions that help you operate with confidence in an increasingly digital trading environment.

To discuss secure integrations, data exchange or platform connectivity, EMAIL Ian Powell, Customer & Technical Solutions Director.