Issue Date: January 2018
Next Review: January 2019
INFORMATION SECURITY (DATA PROTECTION) POLICY STATEMENT
Appropriate technical and organisational measures are taken to prevent unauthorised or unlawful processing of personal data and commercially sensitive information, and to safeguard against accidental loss or destruction of, or damage to same.
To reassure our business partners and other interested parties of our commitment to protecting, securing and controlling systems and data, the company security controls are verified by independent experts and certified to the Government-backed scheme ‘Cyber Essentials Plus’.
This Company will act to ensure that measures are implemented to protect the integrity of information. Such measures shall include:
- Protecting computer networks, all desktop and portable computers and handheld devices with user log-in credentials, complex passwords and, where appropriate, biometrics.
- Protecting networks from any damaging executables or scripts introduced by portable media, such as, but not limited to, memory sticks and optical storage.
- Utilisation of Anti-Virus, Anti-Malware and Anti-Adware programs that are updated to the latest database definitions.
- Firewalls to protect against unwanted intrusion into networks, servers, computers and handheld devices.
- Maintaining information to ensure that it is accurate and complete.
- Data centre back-ups shall be protected by 256-bit AES encryption, which prevents data being read by any unauthorised holder. Copies of back-ups are kept off-site using controlled and secure procedures.
- Adherence to contracts with our clients that contain strict no-publicity clauses and thus photographic media taken on clients’ premises and sites will not be used or displayed without explicit permission to do so.
- Communicating Confidentiality Agreements and Non-Disclosure Agreements to relevant personnel.
- Denial of access by our employees to social media and networking, and in particular the transmission or posting of site photographs.
- Enacting disciplinary action against any employee who jeopardises the security and confidentiality of information/data entrusted to the company.
- Communication logs, accessible only by authorised personnel, shall be retained for a period of 2 weeks for the purpose of fault diagnosis and user support, after which time they are securely deleted.
By implementing the above security measures we shall comply with business, contractual, and regulatory requirements, including those of the Data Protection Act. This policy is formulated with reference to International Standards ISO27001 – Information Security management systems requirements and ISO22301 – Business continuity management systems requirements.