GDPR and Cyber Security
POSITION AS AT 12th APRIL 2018
We are currently conducting a full review of our policies and procedures to ensure that we are fully compliant with GDPR legislation which will come into force on 25th May 2018. At this stage it would be inappropriate to issue any of these documents as they are in the draft stages. In the interim period, please find on the left a copy of our Data Protection and IT policy from our Staff Handbook (please note that these have not yet been updated to reflect our latest position)
We are receiving a number of questionnaires from Customers and are unable to respond to these individually due to the volume received and the amount of information requested within each.
We will be providing various updates via this section of our website, covering our overall position on GDPR, data and cyber security along with specific information relating to each software or service we offer.
SOME CURRENT POLICIES / PROCEDURES ALREADY IN PLACE
- Clear desk policy
- Locked filing cabinets
- Office entry controls with separate secure access to the Server room
- Locking of PC’s when away from desk and shut down at the end of each day
- Restricted server access
- Secure firewall installed at the server and non-removeable anti-virus and malware detection software installed on all PC’s, Tablets and Laptops.
- Secure waste collection, provided by Datashredders Ltd
- Regular training and updates provided to staff
- Encrypted daily online backups to EU based data centres
We are currently completing our Cyber Essentials Plus accreditation. Once in place (due Mid-May 2018), we will then be following this by applying for ISO27001:2013 accreditation.
Once we have implemented any changes, this section of our website will be updated in due course to include our amended policies and procedures. Please revisit this page on a regular basis to see the latest information available.