Yes, we have a procedure which covers what happens once a breach has been detected to ensure that schools are informed of this in the necessary designated timescales as set out in the GDPR, specifically Article 33 and 34.
We are lucky to be located on a ListX Secure Site in Farnborough which means we enjoy enhanced security protocols with access to our physical offices. The site is fenced and guarded 24 hours a day. Building access is restricted by swipe cards with minimal access. Our internal sensitive document and server stores are locked […]
If a breach is detected, as part of our requirements under Article 33 of the GDPR, we must determine how the breach occurred in the first instance and how we intend to mitigate this risk in the future. This analysis is then used to update any existing documentation and documented procedures to bring them up […]
We have an internal Data Protection Policy that we review annually or before we make significant changes to company structure or workings. We use the Privacy by Design method for everything we do. This is something the GDPR stipulates, which we are comfortable with as we have always worked on a “path of least access” […]
Yes, we have several documents that cover how the various parts of this are handled. This covers the full scope of handling the breach, mitigating it further, analysis of how the breach occurred and any disciplinary action that may need to be taken with employees on breach of company policy.
Devices that are provided by the company are encrypted before they are provisioned. It is policy that our employees use their devices to securely access their workstation in our office via our SSL VPN. There are exceptions in this policy if the work being completed is not of a sensitive nature and does not contain […]
As we are a small company, our requirements for record keeping differ from that of larger companies, however, there are instances where we will go beyond our requirements. We provide on going support to our employees on how to protect data effectively with more formal meetings annually, which are recorded on their employee file. If […]
As part of our media destruction policy, hard drives that are no longer in use are securely transported from the data centre to our secure site office where they are stored in a locked cabinet. In order to reduce costs, we do not destroy the hard disks on an ad-hoc basis, rather we wait until […]