Policy Statement
The Company will ensure the protection of all information assets within the custody of the Business. High standards of confidentiality, integrity and availability of information will be maintained at all times.

 

Purpose
Information is a major asset that The Company have a responsibility and requirement to protect.

Protecting information assets is not simply limited to covering the stocks of information (electronic data or paper records) that the Organisation maintains. It also addresses the people that use them, the processes they follow and the physical computer equipment used to access them.

This Information Protection Policy addresses all these areas to ensure that high confidentiality, quality and availability standards of information are maintained.

​

The following policy details the basic requirements and responsibilities for the proper management of information assets at The Company. The policy specifies the means of information handling and transfer within the Business.

​

Scope
This Information Protection Policy applies to all the systems, people and business processes that make up the Business's information systems. This includes all Executives, Committees, Departments, Partners, Employees, contractual third parties and agents of the Organisation who have access to Information Systems or information used for The Company purposes.

​

Definition
This policy should be applied whenever Business Information Systems or information is used. 

Information can take many forms and includes, but is not limited to, the following:

•    Hard copy data printed or written on paper.
•    Data stored electronically.
•    Communications sent by post / courier or using electronic means.
•    Stored tape or video.
•    Speech.
 
Risks
The Company recognises that there are risks associated with users accessing and handling information in order to conduct official business.

This policy aims to mitigate the following risks:

•    The non-reporting of information security incidents.
•    Inadequate destruction of data
•    The loss of direct control of user access to information systems and facilities etc.

​

Non-compliance with this policy could have a significant effect on the efficient operation of the organisation and may result in financial loss and an inability to provide necessary services to our customers.

​

Applying the Policy
For information on how to apply this policy, readers are advised to refer to Appendix 1.

​

Policy Compliance
If any user is found to have breached this policy, they may be subject to [Organisation Name’s] disciplinary procedure. If a criminal offence is considered to have been committed further action may be taken to assist in the prosecution of the offender(s).

If you do not understand the implications of this policy or how it may apply to you, seek advice from the The Company data controller.

​

Policy Governance
The following table identifies who within The Company is Accountable, Responsible, Informed or Consulted with regards to this policy. The following definitions apply:

•    Responsible – the person(s) responsible for developing and implementing the policy.
•    Accountable – the person who has ultimate accountability and authority for the policy.
•    Consulted – the person(s) or groups to be consulted prior to final policy implementation or          .....amendment.
•    Informed – the person(s) or groups to be informed after policy implementation or amendment.

 

Responsible - Head of Information Services.
Accountable - Director of Finance. Consulted - Policy Department.
Informed - All Employees, All Temporary Staff, All Contractors.

​

Review and Revision
This policy will be reviewed as it is deemed appropriate, but no less frequently than every 12 months. Policy review will be undertaken by the Head of Information Services.

Contact
Financial Agreement Solutions Limited at :

St. Andrews House,

11 Dalton Court,

Commercial Road,

Blackburn Interchange,

Darwen BB3 0DG.

 

Company registration number 9871235.

The Company records and processes personal information in accordance with the UK Data Protection Act 1998 and all other applicable UK privacy legislation.

​

Direct Marketing Material
The Company will use personal information to keep the data subject informed of products, services and events that The Company feel may be of interest. The data subject may at any time ask The Company to cease or not commence sending direct marketing material by contacting the The Company data controller at the address above under ‘Contact’.

​

Data Protection & Information Security
The Company process personal information in accordance with UK data protection and privacy legislation and follow strict security procedures for storing the personal information with which The Company have been entrusted to ensure that it is afforded an adequate level of protection.

From time to time The Company will employ third parties to process information on The Company behalf only. The same duty of confidentiality and security will apply to these third parties. We will not disclose or make any personal information available to a third party (otherwise than where indicated within this Privacy Policy without consent.
 
Data Storage
Information and records relating to service users will be stored securely and will only be accessible to authorised staff.

Information will be stored for only as long as it is needed or by required statute and will be disposed of appropriately.

It is  the responsibility of The Company to ensure all personal and company data is non-recoverable from any computer system previously used within the organisation, which has been passed to a third party.

​

Data access and accuracy
All Individuals and/or Service Users have the right to access the information The Company holds about them.

The Company will also take reasonable steps ensure that this information is kept up to date by asking data subjects whether there have been any changes.

​

The Company will ensure that:
•    It has a Data Protection Officer with specific responsibility for ensuring compliance with Data .....Protection.

•    Everyone processing personal information understands that they are contractually responsible for .....following good data protection practice.
•    Everyone processing personal information is appropriately trained to do so.
•    Everyone processing personal information is appropriately supervised.

•    Anybody wanting to make enquiries about handling personal information knows what to do.

•    It deals promptly and courteously with any enquiries about handling personal information.

•    It describes clearly how it handles personal information.
•    It will regularly review and audit the ways it holds, manages and uses personal information.

•    It regularly assesses and evaluates its methods and performance in relation to handling personal .....information.
•    All staff are aware that a breach of the rules and procedures identified in this policy may lead to ....disciplinary action being taken against them.
 

This policy will be updated as necessary to reflect best practice in data management, security and control and to ensure compliance with any changes or amendments made to the Data Protection Act 1998.

 

​The Company

​