That'll be Security Essentials (self assessment) or Security Essentials + then.
Neither really bad things but not really suitable to multi-billion pound high profile telcos or other high profile organisations.
Why not just get one little bit of the company ISO27000 accredited then claim everything is great everywhere, forever? That's what everyone else does.
Then you ask for the scope of compliance and it all goes quiet....