Security Statement Policy

1. We have a management and corporate commitment to information security within the organisation and provide clear direction, guidance and responsibilities and procedures in this respect.

2. The company has a compliance officer who deals with security of information and personal data.

3. All employees are briefed on the importance of personal data and security and confidentiality of information obtained.

4. We control physical security in relation to the information and personal data that is contained at our facilities and restrict access to the site, buildings, computer rooms, office desk, technology areas, equipment and other facilities where unauthorised access by people could compromise our security.

5. All proprietary or confidential information, including personal data, is contained or stored on computer and any that is contained and stored on manual files are locked up and secure.

6. We seek to control access to information and personal data, including existing procedures for authorising and authenticating users as well as software controls for restricting access and techniques for protecting data such as encryption. Encryption is used in connection with our payment facilities for customers.

7. We monitor and log access so as to assist in detection and investigation of security breaches and any attempted breaches where they occur.

8. We maintain a business continuity plan as a contingency plan which identifies our business functions and assets (including personal data) which would need to be maintained in the event of disaster and set out the procedures for protecting and restoring them if necessary.

9. Our staff are trained on security systems and we have relevant procedures in place in relation to the obligations under the Data Protection Act 1998. Accordingly staff are aware of information security issues and they can go to the compliance officer with any issues relating to the Data Protection Act, Privacy or personal data. From time to time we endeavour to provide external speakers or representatives of relevant bodies to carry out training or to deliver seminars on the relevant subject.

10. In respect of detection and investigation of breaches where they occur, we have in place relevant controls which should alert us to a breach in security. We endeavour to investigate every breach of security.

11. The personal data and information held by us are currently stored [on the system, help desk system, mass email programme data base, individual account contact manager’s systems together with the training booking spreadsheet, invoicing spreadsheet, Excel spreadsheets, paper form.

12. We are taking and will endeavour to continue to take all reasonable steps in order to protect our information and all personal data. However, the Company cannot guarantee the security of any personal information or data disclosed to it or collected by it.