Tel: 01782 894 912
Email: office@plas-fit.co.uk
Last updated: 07/08/2024
Objective:
To safeguard the integrity, confidentiality, and availability of Plas-Fit UK’s information systems and data. This policy outlines the company’s approach to managing IT security risks and ensuring the protection of digital assets.
Scope:
This policy applies to all employees, contractors, and third parties who use or have access to Plas-Fit UK’s IT systems and data.
Policy Statement:
• Information Security: Plas-Fit UK is committed to protecting its information systems from threats, both internal and external, to ensure business continuity and minimise risk.
• Compliance: Plas-Fit UK will comply with all relevant laws, regulations, and best practices related to IT security and data protection.
Responsibilities:
Management:
-Implement and maintain effective IT and cyber security measures.
– Ensure that all employees are aware of and adhere to this policy.
– Regularly review and update security policies and procedures.
Employees:
– Follow the IT and cyber security guidelines outlined in this policy.
– Report any security incidents or concerns to the IT department.
– Protect their login credentials and not share them with others.
Key Areas of the Policy:
1. Access Control:
– User Authentication: All users must use strong, unique passwords and multi-factor authentication where possible.
– Access Rights: Access to systems and data will be granted based on job roles and responsibilities. Regular reviews will be conducted to ensure appropriate access levels.
2. Data Protection:
– Data Classification: Data will be classified based on its sensitivity and handled accordingly.
– Encryption: Sensitive data must be encrypted both in transit and at rest to protect against unauthorised access.
3. Network Security:
– Firewalls and Antivirus: Firewalls and antivirus software will be deployed and regularly updated to protect the network from threats.
– Secure Configuration: All IT systems will be configured securely and kept up-to-date with the latest server updates, patches and software updates.
4. Incident Management:
– Reporting Incidents: All security incidents, including suspected breaches, must be reported immediately to the IT department or responsible manager/director.
– Response Plan: An incident response plan will be in place to manage and mitigate the impact of security incidents.
5. Use of IT Resources:
– Acceptable Use: Employees must use IT resources responsibly and not for any illegal or unauthorised purposes.
– Monitoring: Plas-Fit UK reserves the right to monitor the use of its IT systems to ensure compliance with this policy.
6. Training and Awareness:
– Employee Training: Training sessions will be conducted to educate employees about IT security best practices and emerging threats.
– Awareness Programs: Ongoing awareness programs will be implemented to reinforce the importance of cyber security.
7. Third-Party Access:
– Vendor Management: Any third parties with access to Plas-Fit UK’s IT systems must comply with the company’s security policies and procedures.
– Contracts: Security requirements will be included in contracts with third-party vendors.
8. Policy Compliance:
– Audits: Regular audits will be conducted to ensure compliance with this policy.
– Disciplinary Action: Non-compliance with this policy may result in disciplinary action, up to and including termination of employment.
Review:
This policy will be reviewed regularly and as necessary to ensure its effectiveness and alignment with current cyber security threats and best practices.
This IT and Cyber security Policy ensures the protection of Plas-Fit UK’s information systems through robust security measures, regular training, and clear guidelines for incident management and compliance.
Regular reviews and updates help maintain the policy’s relevance and effectiveness.
Contact Information:
For any questions or concerns about this policy, please contact Plas-Fit UK on 01782 894 912.