Compliance
At Stour, we understand how important it is to have trust in your supply chain.
Licensed UK Mobile Network Operator
Stour is a fully licensed UK Mobile Network Operator (MNO), regulated by Ofcom.
As a licensed operator, Stour is subject to:
The General Conditions of Entitlement; a core regulatory framework that applies to all UK communications providers.
The Telecoms Security Act (TSA); requiring operators to take proportionate and proactive steps to secure their networks and services, under technical guidance published by the National Cyber Security Centre (NCSC).
What this means for our partners:
Services are delivered within a clear legal and regulatory framework.
Our numbering is managed under Ofcom issued allocations and oversight.
Our compliance work isn’t just a box-ticking exercise, it’s part of how we build reliable, long-term services.
Being Ofcom regulated underpins everything we do, giving partners confidence that Stour operates with accountability, transparency, and security by design.
Industry Memberships
Stour is an active participant in the global telecoms community.
Mobile Ecosystem Forum (MEF); as a member, we contribute to industry initiatives on trust, compliance, and anti-fraud in telecoms.
GSMA Rapporteur Membership; giving us direct involvement in standards discussions, and working groups, that shape the future of mobile networks.
These memberships keep Stour connected to the wider ecosystem, ensuring our services align with evolving best practices and industry standards.
SOC 2 Type II Audited
Stour is SOC 2 Type II audited,
providing independent assurance
that our controls are not only well-designed,
but proven to operate effectively over time.
SOC 2 is an internationally recognised framework developed by the AICPA.
Type II audits test controls across an extended period, not just on a single date.
Our audit, conducted by Prescient Assurance, evaluated Stour’s controls against the Trust Services Criteria; including Security, Availability, and Processing Integrity.
This attestation confirms that our systems consistently meet rigorous standards for protecting client data and delivering resilient services.
ISO 27001 Certified
Stour is ISO 27001 for
information security management,
this means:
Our policies, processes, and controls are independently audited against international standards.
We maintain a structured Information Security Management System (ISMS) designed to identify and manage risk.
Security is built into our operations; from data handling to partner integrations.
Certification provides assurance that we treat client and network data with the highest level of care and accountability.
Useful links:
Ofcom General Conditions of Entitlement
Telecommunications Security Code of Practice
