We need to gather and use information or ‘data’ about you as part of our business and to manage our relationship with you.
We intend to comply with our legal obligations under the Data Protection Act 2018 (the ‘2018 Act’) and the EU General Data Protection Regulation (‘GDPR’) in respect of data privacy and security.
Peer Group plc currently does, and will continue to, manage their IT systems in such a way as to ensure compliance with the expected standards.
This policy describes the measures in place to protect the security of your data.
We have a policy in place with our employees, workers and contractors under which they must handle personal data securely.
A copy of the policy can be obtained from the Data Protection Manager and paragraph 9 of it refers.
All new devices are fully patched and brought up to date prior to being introduced to the network; firmware is upgraded to the latest version. Default passwords are changed and replaced with new passwords that have appropriate levels of complexity and avoid guessable combinations.
External access to the network is protected by a secured firewall. Only traffic on necessary ports and services is allowed into the network and all other traffic is blocked by default. The policy settings are regularly reviewed and unnecessary or redundant services are removed promptly.
We restrict access to the system to users that are trusted. Each user must have and use their own username and password and has only the permissions appropriate to their role. Administrator level accounts are used only where necessary. Complex passwords are enforced and we limit the number of failed login attempts. Passwords are changed and access is cancelled immediately if a staff member leaves the organisation.
All servers and workstations are protected by software that monitors for malicious programs and activity. Computers are scanned actively, internet access and websites are monitored and definitions are updated automatically on a daily basis. All activity is recorded and monitored centrally.
Security updates are automatically pushed to all workstations on the network. Updates for Windows operating systems and applications are automatically installed and computers are restarted where necessary. The system is regularly checked to ensure correct operation and any issues are resolved.
Company data is backed up on a nightly basis to local drive storage. On a weekly basis, full images of the servers are taken and data is backed up to removable drives that are stored offsite. The system is shortly to be extended to improve the quality and availability of off-site backups.
Security software is checked for messages and alerts. Access control logs record data constantly from the system and are available for review. Any alerts that are issued by these services are acted upon.
We run regular vulnerability scans and network tests on the systems for known vulnerabilities. Any vulnerabilities identified are acted upon.