Information Security

We make extensive use of the latest information technology to optimize our global business operations. To ensure these tools are managed securely and avoid loss or corruption of data, we maintain strict security standards.

We are a member of the British Computer Society (BCS), The Chartered Institute for IT (Information Technology) and uphold the BCS Code of Conduct. This sets out important standards governing a member’s actions in relation to public interest, competence, integrity and professional responsibilities. We continue to improve our alignment with, and measure our performance against, the USA National Institute of Standards and Technology (NIST) Cyber Security Framework.

Our IT Governance Structure

The governance of our information security is overseen by our Board, but policy actions are the responsibility of our IT Steering group. The group reviews our information security strategy and objectives. It also agrees on standards and develops any information security related capital programs. They provide a quarterly written report and an annual presentation to the Board.

Reporting into the IT steering group is our IT leadership team, which is responsible for proposing strategy and implementing information security systems alongside managing training and security standards.

Our Legal Compliance team also provides important input and insight into the IT steering group. They review our global information security policies and procedures to confirm they are aligned with international data protection requirements.

Managing Information Securely in 2024

46 Cyber Security Training Campaigns

to over 2,000 employees

Over 6,000 Phishing Tests

where any user caught by the phish test is enrolled into additional phishing training.

  • Cyber Security
  • Information Security Training
  • Audit and Risk Assessment

Cyber Security

Cyber security is a subset of our wider information security practices. It focuses on defending our IT systems and electronic information. New threats and vulnerabilities materialize daily and maintenance of cyber security continues to be a challenge for all businesses globally. It is vital for organizations to combat these threats by creating a risk-aware culture and by ensuring that we have appropriate protections in place to manage cyber risks regarding identity, applications, data, and devices. We are committed to continually improving cyber security through investment in our people, processes and IT infrastructure.

Our IT management team, in liaison with internal and external stakeholders, monitors best practice and ensures our solutions comply with the relevant legislative and regulatory standards on cyber security. This team is responsible for increasing awareness and developing our security training.

Cyber security in the workplace is everyone’s responsibility.

We issue regular communications to raise awareness of how to stay safe online, protect against online fraudsters and prevent organized cyber-attacks on our business. Our employees, including Board members, are given regular, mandatory training on cyber security related topics via our ā€œKnowBe4ā€ global training platform.

The training covers a range of topics including access control, acceptable use and cyber security threats, such as phishing. Compliance is compulsory for all employees and tracked on an individual basis. We also formally issued and requested employee sign off for our Acceptable Use and Cyber Security Management policies.

Across our global IT team, we continue to embed a culture of information security best practice in all areas of IT service delivery. This approach is backed up by periodic training courses and discussions in IT’s global monthly meetings.

Audit and Risk Assessment

We continually develop our risk assessment process with ongoing checks and assessments to validate the security of our network, applications and data. In Europe, we assess our compliance with external standards such as TISAX and MIS2. We are aiming for ISO 27001 accreditation by 2026.

Privacy Overview

This website uses cookies so that we can provide you with the best user experience possible. Cookie information is stored in your browser and performs functions such as recognising you when you return to our website and helping our team to understand which sections of the website you find most interesting and useful.