Issue Date: January 2017
Next Review: January 2018
INFORMATION SECURITY (DATA PROTECTION) POLICY STATEMENT
Appropriate technical and organisational measures shall be taken to prevent unauthorised or unlawful processing of personal data and commercially sensitive information, and to safeguard against accidental loss or destruction of, or damage to same.
This Company will act to ensure that measures are implemented to protect the integrity of information, such measures shall include:
- Protecting computer networks, all desktop and portable computers and handheld devices with user log-in credentials, passwords and
- Utilisation of Anti-Virus, Anti-Malware and Anti-Adware programs that are updated to the latest database definitions.
- Firewalls to protect against unwanted intrusion into networks, servers, computers and hand held
- Maintaining information to ensure that it is accurate and
- Data centre back-ups shall be protected by 256bit AES encryption which prevents data being read by any unauthorised Copies of back-ups are kept off-site using controlled and secure procedures.
- Adherence to contracts with our clients that contain strict no-publicity clauses and thus photographic media taken on clients’ premises and sites will not be used or displayed without explicit permission to do so.
- Communicating Confidentiality Agreements, and Non Disclosure Agreements to relevant
- Denial of access by our employees to Social media and networking, and in particular the transmission or posting of site
- Enacting disciplinary action against any employee who jeopardises the security and confidentiality of information/data entrusted to the
By implementing the above security measures we shall comply with business, contractual, and regulatory requirements, including those of the Data Protection Act. This policy is formulated with reference to ISO27001 and ISO22301.