Unit 8 Porsham Close, Plymouth, PL6 7DB
In partnership with
SECURITYPOLICIES AND PROCEDURES
Keeping Collectrical CIC’s IT systems, information and data safe and secure is a top priority for us. It is also a complex task that relies on technical knowledge as much as staff awareness and commitment.
Data is processed and controlled by Collectrical CIC in order for us to carry out our contracted duties with clients and commissioners. This policy highlights the measures we’ve put into place to fit our needs.
We refer to the Government’s 10 Steps to Cyber Security https://www.ncsc.gov.uk/guidance/10-steps-cyber-security and information security best practice in developing processes and procedures. Management of Information Security Ultimate responsibility for information security rests with the MD (Operations) of Collectrical.
Collectrical CIC is obliged to abide by all relevant UK and European Union legislation. The requirement to comply with this legislation is devolved to staff who may be held personally accountable for any breaches of information security for which they may be held responsible. Collectrical CIC complies with the following legislation and other legislation as appropriate: General Data Protection Regulation (GDPR) (2018) Data Protection Act (1998) Data Protection (Processing of Sensitive Personal Data) Order 2000. Copyright, Designs and Patents Act (1988) Computer Misuse Act (1990) Health and Safety at Work Act (1974) Human Rights Act (1998) Regulation of Investigatory Powers Act 2000 Freedom of Information Act 2000 Health & Social Care Act 2001.
Active server monitoring is installed and is monitored regularly. All assets are formatted and data erased before they are disposed or recycled and removed from our asset register.
Secure data destruction is always completed in house and all clients have a choice of DBAN or government approved Verity SV91M degausser.
When any form of equipment containing data is collected a simple yet effective procedure is in place.
- Upon entry to our premises HDD’s are removed, logged and put into a locked box.
- When ready for data destruction, each drive is wiped using either software or a Degausser.
- Drives unsuitable for reuse are sent for refinement
We at Collectrical CIC take data protection extremely seriously, any miscarriage will be dealt with to the fullest extent of the law.
Once we consider a laptop ready for use, one of our team is always happy to drop of to the recipient. Collectrical CIC have even been known to post laptops.
They are always received so gratefully.