COMPANY IT SECURITY POLICY
All client data is received or sent via our secure end-to-end encrypted email software.
Any data files or PDFs returned to clients will also be password protected and the password sent via a separate email.
Only members of the IT department and management have permission to access the client data sent via email.
All PCs that are used to process clients' data have firewalls and are password protected. Once a screen has been inactive for 10 minutes, a password is required to access the PC again. These passwords are changed every 2 months. The individual client data folders are also password protected.
If it is necessary to dispose of a PC, the hardware is removed and forensically destroyed.
Client data is kept for 6 months unless otherwise instructed. It is then securely erased from the client file as well as the email that contained the original data.
Client data is never sent to any third party unless specifically instructed by the client.
The IT department and office PCs are securely backed up by an independent IT company every 3 months. The backup hardware is kept in our Rosengrens fire safe and is securely erased after 3 months.
When it is necessary to transfer clients' data (name and address records) onto a USB stick for inkjetting purposes, the USB stick is logged out of the IT department and taken by hand to the inkjet operator, who signs for the stick using the Client Data Transfer form. Once printing is completed, the USB stick is returned to the IT department, which signs it back in and securely erases all the data contained on it.
In addition to our data security, we have the following security procedures in place:
- All doors and windows are alarmed to NSI standards.
- A 5-digit alarm code is fitted to the premises and the code is changed every 2 months.
- The office and IT department doors are fitted with separate digital locks with separate 6-digit codes. These codes are changed every 2 weeks.
- Only data personnel and management grade personnel are authorised to enter the IT department and office where computers are present.
- On occasion, where it may be necessary to have other personnel present in the IT department or office (apart from those authorised in the previous item), these persons will always be accompanied by a member of the IT department or management team.
- Any uncompleted work that involves clients' details (name and address carriers, personalised letters, addressed envelopes etc.) from jobs that are being undertaken in the general office is removed and stored in a secure, locked room until commencement of the job the following day.
Any ‘spoils’ which may occur during laser printing or inkjetting that contain any client data are always shredded immediately on the premises.
In the case of any returns, the names and addresses are separated from any other inserts, stored in our in-house fire safe and returned to the client as instructed.
No client information, either electronic or hard copy, leaves our premises at any time, with the exception of mailing items containing names and addresses handed over to the Royal Mail or 3rd Party Downstream companies as instructed by the client.
We do not use outworkers for any tasks that contain any personal data.