Our IT Security Policy

We have extended policies and training plans for our employees, third parties and our entire supply chain. The below is just a topline example of our approach to cyber security. If you would like any further information please get in touch.

Devices

  • All company devices are protected with an adequate password
  • Company devices are regularly updated with the latest software releases and patches
  • Devices are locked when not in use or unattended
  • Devices are appropriately secured before employees leave desks and overnight
  • Approval is gained for removing devices from company premises
  • Staff adhere to company policy regarding the installation of third-party applications and personal use
  • Employees to carry out only permitted tasks on a personal device
  • Employees only make use of secure and private networks to log into company systems

Email Security  

We ask employees to:

  • Verify the legitimacy of emails
  • Avoid opening attachments or clicking on links included in emails which appear suspicious
  • Look out for any significant errors relating to grammar in emails
  • Report any suspicious emails to the IT department

Password management 

We have a clear and strict password management policy which includes:

  • Passwords should be a minimum of 8 characters in length
  • Do not use common passwords or one-word passwords – e.g. password, abcdefgh, Iloveyou
  • Do not reuse your company password for non-work-related purposes
  • Make use of multi factor authentication where it is available
  • Do not share passwords with another employee. You must have an individual account for any company applications or systems that you make use of
  • Do not write passwords down. The business has implemented a password management tool, and employees make use of this

Secure Data Transfer 

  • We only transfer confidential data to other employees or third parties when absolutely necessary
  • We only transfer confidential information over company networks
  • We verify information relating to the recipient and ensure that they have sufficient security measures in place on their side before sending the data
  • Employees gain sign off from a member of senior management for the data transfer
  • We ensure that data transfers take place in accordance with GDPR and any confidentiality agreements which may be in place