about certes

As a staffing and IT recruitment agency, Certes has a 30 year successful track record delivering UK wide IT and comms staff, as well as staffing services and recruitment support.

Security Policy

Purpose

The Purpose of the Policy is to protect Certes Computing Ltd’s (the “company”) information assets from all threats whether these are internal, external, deliberate or accidental.

Scope

We recognise that information exists in many forms and this policy extends to data stored on computers, transmitted across networks, sent by fax, printed or handwritten on paper. This policy also covers data stored on any format of tape or diskette and any other format of removable storage device.

This policy refers also to any information shared in a conversation or over the telephone.

The appropriate recording and the control of information is in place to satisfy the statutory requirements of the Data Protection Act 1998 and The General Data Protection Regulation (EU) 2016/679.

This Policy applies to all Company full and part time employees, agency employees, and all clients, candidates and suppliers who receive Personal Data from the Company, have access to Personal Data collected or processed by the Company, or who provide information to the Company in the UK or overseas.

The Company considers that adequate security measures should include all of the following:

Data will be protected against unauthorised access and that the confidentiality of data will be maintained at all times.

The Company will use organisational and technical controls to prevent unauthorised persons from gaining access to Data Processing systems in which Personal Data are processed.

The Company employs controls preventing persons entitled to use a Data Processing system from accessing Data beyond their needs and authorisations

Adequate security controls will be in place to ensure that Personal Data in the course of transport or during storage on a Data carrier cannot be read, copied, modified or removed without authorisation.

The integrity of Personal Data will be maintained by safeguarding the accuracy and completeness of information by protecting against unauthorised modification, destruction or loss.

Regular Risk Assessments will be carried out to assess the Confidentiality, Integrity and availability of Information.

Operating Procedures and Standards are in place to support this policy (including the use of passwords and virus control), these are subject to regular internal audit.

The Compliance Officer has direct responsibility for the maintenance of this policy and giving guidance to the business on the implementation of the policy and its associated procedures.

The company shall implement controls to ensure data security is maintained by ensuring that Data are not kept longer than stipulated in the Data Retention Policy, including by requiring that Data transferred to third persons be returned or destroyed.

All of Certes Managers are directly responsible for implementing this policy and other associated company data policies and procedures within their own business area including the adherence by their staff.

All actual or suspected breaches of data security will be reported to the Compliance Manager and investigated accordingly in line with Certes Data Breach Policy & Procedures.


Richard King
Compliance Officer
March 2018‚Äč

discover 4sight
submit your vacancy
request a callback
 
News and
Updates
Our comprehensive guide to UK security clearance and free DV checklist

29 May 2018

Our comprehensive guide to UK security clearance and free DV checklist

Find out more about the types of security clearance in the UK, how you can apply and where to look for your first security cleared job.

From our
Social