We are a member of the British Computer Society (BCS), The Chartered Institute for IT (Information Technology) and uphold the BCS Code of Conduct. This sets out important standards governing a memberās actions in relation to public interest, competence, integrity and professional responsibilities. We continue to improve our alignment with, and measure our performance against, the USA National Institute of Standards and Technology (NIST) Cyber Security Framework.
Our IT Governance Structure
The governance of our information security is overseen by our Board, but policy actions are the responsibility of our IT Steering group. The group reviews our information security strategy and objectives. It also agrees on standards and develops any information security related capital programs. They provide a quarterly written report and an annual presentation to the Board.
Reporting into the IT steering group is our IT leadership team, which is responsible for proposing strategy and implementing information security systems alongside managing training and security standards.
Our Legal Compliance team also provides important input and insight into the IT steering group. They review our global information security policies and procedures to confirm they are aligned with international data protection requirements.
Managing Information Securely in 2024
46 Cyber Security Training Campaigns
to over 2,000 employees
Over 6,000 Phishing Tests
where any user caught by the phish test is enrolled into additional phishing training.
- Cyber Security
- Information Security Training
- Audit and Risk Assessment
Cyber Security
Cyber security is a subset of our wider information security practices. It focuses on defending our IT systems and electronic information. New threats and vulnerabilities materialize daily and maintenance of cyber security continues to be a challenge for all businesses globally. It is vital for organizations to combat these threats by creating a risk-aware culture and by ensuring that we have appropriate protections in place to manage cyber risks regarding identity, applications, data, and devices. We are committed to continually improving cyber security through investment in our people, processes and IT infrastructure.
Our IT management team, in liaison with internal and external stakeholders, monitors best practice and ensures our solutions comply with the relevant legislative and regulatory standards on cyber security. This team is responsible for increasing awareness and developing our security training.
We issue regular communications to raise awareness of how to stay safe online, protect against online fraudsters and prevent organized cyber-attacks on our business. Our employees, including Board members, are given regular, mandatory training on cyber security related topics via our āKnowBe4ā global training platform.
The training covers a range of topics including access control, acceptable use and cyber security threats, such as phishing. Compliance is compulsory for all employees and tracked on an individual basis. We also formally issued and requested employee sign off for our Acceptable Use and Cyber Security Management policies.
Across our global IT team, we continue to embed a culture of information security best practice in all areas of IT service delivery. This approach is backed up by periodic training courses and discussions in ITās global monthly meetings.
Audit and Risk Assessment
We continually develop our risk assessment process with ongoing checks and assessments to validate the security of our network, applications and data. In Europe, we assess our compliance with external standards such as TISAX and MIS2. We are aiming for ISO 27001 accreditation by 2026.