Policies and Procedures
Our Data Protection Policy is reviewed and updated annually.
Out of office hours the main office building is securely locked and alarmed. During office hours, visitors are not allowed unsupervised access to office areas.
There are robust practices to ensure the security of paper records: they are stored in locked filing cabinets, and shredded once they are no longer needed, in line with our data retention policy. Large quantities of confidential waste are disposed of by Morgans, and certificates confirming destruction are provided and held on file.
References for all staff are obtained prior to employment and we place a high value on trustworthiness, integrity and confidentiality. Staff receive regular training (at appropriate levels) on data protection: currently all staff are receiving monthly training at our Full Team Meetings.
As an almost entirely Mac–based organisation, our cyber security issues are significantly reduced. All staff laptops are encrypted and all staff computers are passworded. Only the staff member and the PA know the password to each computer. Staff are encouraged to use passwords for files containing personal data, and to consider using file sharing websites rather than attachments when personal data needs to be transferred for some reason. Data on our secure server is encrypted, and it is backed up regularly. Care and consideration are taken regarding SPAM mail, up to date antivirus protection and appropriate firewalls, as well as installing updates. Outdated computer equipment is destroyed by our IT support (Blackdog Media) and certificates of disposal are provided. SUNI policy is to shutdown computers completely or put on ‘sleep more’ each evening, which would avoid sensitive information being accessed in the event of an office break in. Our wireless router is secure and guards against hackers, and a wifi password is in place. The connection between devices and the wifi is encrypted.