We take the protection of your personal information extremely seriously and we have a number of measures in place to prevent personal information from being accidentally lost or used or accessed in an unauthorised way. For example:
- electronic document security which operates on a number of different levels, including:
- access to our IT network is username and password protected;
- once logged on to our network, documents may only be accessed through our document management system;
- every action applied to a document is logged by date, user, device and type of activity;
- encryption of moveable media (e.g. laptops and mobile phones);
- next generation anti-virus software is implemented across all devices;
- emails are sent using TLS encryption where possible;
- staff receive data protection and information security awareness training and are required to adhere to our internal data protection policies and procedures;
- multi-factor authentication is used for externally accessible systems; and
- implementation of physical security measures at all of our offices (including restricted access and CCTV).
We also limit access to your personal information to those who have a genuine business need to know it. Those processing your information will do so only in an authorised manner and are subject to a duty of confidentiality.
In addition, we have procedures in place to deal with any suspected data security breach. We will notify you and any applicable regulator of a suspected data security breach where we are legally required to do so.