As an IT support provider, Network Ltd has privileged access to the data held by our clients. We therefore take IT security and the GDPR very seriously. Some of the steps that we have taken to comply with the GDPR are:
- Extensive staff training on understanding what personal data is and limiting access to personal data on a "need to know" basis where possible.
- Identifying where our clients store personal data and taking the necessary steps to ensure that personal data is carefully protected using encryption and two layers of password protection.
- Extensive staff training on cyber security including regular reviews of the latest cyber threats and the internal sharing of information about the latest phishing and malware attacks.
- Layered protection of usernames and passwords in double-encrypted password vaults. Staff only have access to the usernames and passwords that they need to carry out their jobs.
- Two-factor authentication on all Network Ltd accounts and services where available.
- Regular patching of all routers and devices that Network Ltd manages.
- Further measures such as physical office security, implementation of Data Loss Prevention rules, use of password pushers, routine encryption of documents sent externally and other GDPR best practice policies.
Network Ltd undertakes a yearly review of the IASME Consortium (https://www.iasme.co.uk) IASME Governance Self-Assessment Questions. The log below shows the last review dates and times, including the version number:

| Date | Document Reviewed | Reviewed By |
|---|---|---|
| 26th February 2018 | IASME-governance-and-Cyber-Essentials-questions-booklet-v10.7.pdf | Ryan Butler |