Security Policy

Last Updated: 03.04.2024

Introduction:

Greycorpuk Ltd (“Greycorpuk,” “we,” or “us”) is committed to ensuring the security and confidentiality of our systems, data, and information assets. This Security Policy outlines our approach to maintaining the security of our organization and the measures we take to protect against unauthorized access, use, or disclosure of information.

Information Security Responsibilities:

  • Management Commitment: Greycorpuk’s management is committed to establishing, implementing, and maintaining an effective information security program.
  • Employee Responsibilities: All employees, contractors, and third-party vendors are responsible for complying with this Security Policy and participating in security awareness training.
  • Security Team: Greycorpuk has designated a security team responsible for overseeing and implementing security measures, conducting risk assessments, and responding to security incidents.

Information Security Controls:

  • Access Control: Access to systems, data, and information assets is restricted to authorized individuals based on the principle of least privilege. User access is granted based on job roles and responsibilities.
  • Data Encryption: Sensitive data is encrypted both in transit and at rest using industry-standard encryption algorithms and protocols.
  • Network Security: We employ firewalls, intrusion detection and prevention systems, and other network security controls to protect our network infrastructure from unauthorized access and malicious activities.
  • Endpoint Security: All endpoints, including laptops, desktops, and mobile devices, are equipped with antivirus software, endpoint detection and response (EDR) tools, and other security measures to prevent malware infections and unauthorized access.
  • Security Awareness Training: All employees receive regular security awareness training to educate them about security best practices, phishing awareness, and the importance of safeguarding sensitive information.
  • Incident Response: Greycorpuk has established an incident response plan to effectively respond to and mitigate security incidents. This includes procedures for reporting incidents, containing threats, and restoring normal operations.

Physical Security:

  • Access Control: Physical access to our facilities is restricted to authorized personnel only. Access is monitored and controlled through the use of access cards, biometric authentication, and security guards.
  • Surveillance: We employ surveillance cameras and monitoring systems to monitor our facilities and deter unauthorized access or suspicious activities.

Third-Party Security:

  • Vendor Management: Greycorpuk conducts due diligence assessments of third-party vendors and contractors to ensure they adhere to security best practices and comply with our security requirements.
  • Contractual Obligations: We include security clauses and requirements in contracts with third-party vendors to protect our data and information assets.

Compliance and Audit:

  • Regulatory Compliance: Greycorpuk complies with relevant data protection laws and regulations, including the General Data Protection Regulation (GDPR), where applicable.
  • Internal Audits: We conduct regular internal audits and security assessments to evaluate the effectiveness of our security controls and identify areas for improvement.

Policy Review and Updates:

This Security Policy will be reviewed and updated periodically to ensure its continued effectiveness and relevance to Greycorpuk’s security posture.

Contact Us:

If you have any questions or concerns about our Security Policy or our security practices, please contact us at:

Greycorpuk Ltd

Email: office@greycorp.co.uk