1. Purpose

​

To ensure the confidentiality, integrity, and availability of information handled by the Company.

​

2. Scope

​

Applies to all systems, data, devices, and processes used in the provision of services.

​

3. Access Control

​

• Access to systems and data is restricted to authorised personnel

• Access is granted based on business need and role

​​

4. Security Controls

​

The Company maintains appropriate technical and organisational measures, including:

​

• Secure access controls

• Password protection and authentication measures

• Controlled data storage environments

​​

5. Data Handling

​

• Data shall only be accessed where necessary

• Unauthorised copying, sharing, or transfer is prohibited

​​

6. Device Security

​

All devices used in connection with Company services must be maintained in a secure manner to prevent unauthorised access.

​

7. Incident Management

​

Security incidents shall be:

​

• Reported without delay

• Investigated and addressed appropriately

​​

8. Third-Party Systems

​

The Company takes reasonable care in selecting systems but shall not be liable for third-party failures or outages.

 

9. Governance

​

This policy is reviewed periodically and updated as required.

​

10. Limitation & Hierarchy

​

Nothing in this policy creates any additional liability beyond that set out in the Company’s Terms & Conditions of Service.

​

In the event of any conflict, the Terms & Conditions shall prevail.