INFORMATION SECURITY & DATA PROTECTION

Issue Date: January 2024
Next Review: January 2025

INFORMATION SECURITY & DATA PROTECTION POLICY STATEMENT

The Company ensures appropriate technical and organisational measures are taken to prevent unauthorised or unlawful processing of personal data and commercially sensitive information, and to safeguard against accidental loss or destruction of, or damage to same.

To reassure our business partners and other interested parties of our commitment to protecting, securing, and controlling systems and data, the company security controls are verified by independent experts and certified to the Government backed scheme ‘Cyber Essentials Plus’.

The Company will act to ensure that measures are implemented to protect the integrity of information, such measures shall include:

  • Protecting computer networks, all desktop and portable computers and handheld devices with user log- in credentials, complex passwords and, where appropriate, biometrics.
  • Protecting networks from any damaging executables or scripts introduced by portable media, not limited to, but such as memory sticks and optical storage.
  • Utilisation of Anti-Virus, Anti-Malware and Anti-Adware programs that are updated to the latest database definitions.
  • Firewalls to protect against unwanted intrusion into networks, servers, computers and handheld devices.
  • Maintaining information to ensure that it is accurate and complete.
  • Copies of back-ups are kept off-site using controlled and secure procedures.
  • Adherence to contracts with our clients that contain strict no-publicity clauses and thus photographic media taken on clients’ premises and sites will not be used or displayed without explicit permission to do so.
  • Communicating Confidentiality Agreements and Non-Disclosure Agreements to relevant personnel.
  • Promoting good security practices and training those whom we employ, providing guidance, awareness, and advice on the importance of protecting confidential and sensitive information.
  • Limited and monitored employee access to social media and networking.
  • Enacting disciplinary action against any employee who jeopardises the security and confidentiality of information/data entrusted to the company.
  • Communication Logs that are only accessible by authorised personnel shall be retained for the purpose of fault diagnosis and user support.

By implementing the above security measures, we shall comply with business, contractual, and regulatory requirements, including those of the General Data Protection Regulation. This policy is formulated with reference to International Standards ISO27001 – Information Security management systems requirements and ISO22301 – Business continuity management systems requirements.

This policy is communicated to our supply chain, relevant interested parties and all those working for, or on behalf of, the company.

G Somers

Managing Director