Security Policy

Where Ctrl-X Digital Ltd have access to data stored online:

• Separate logins for accounts and services will be used to control access.
• Strong passwords will be used.
• Passwords saved in a secure password management system.
• Password are accessible to Ctrl-X Digital Ltd staff.
• Where a there is shared login, passwords should changed on a regular basis.
• No client data will be downloaded or stored except for operational reasons.
• Any downloaded client data will be deleted once the task is complete.
• Work on client sites and accounts will be via a secure network connection.
• All life-expired equipment is securely wiped of all information.
• IT support companies have access to the Ctrl-X Digital Ltd network drives and online systems only to provide technical support.
• Ctrl-X Digital Ltd network drives are housed in a restricted area which is:
  • accessible during office hours.
  • locked during out of office hours.
• Ctrl-X Digital Ltd staff have access to the network drives and online system.
• Personal data is not stored on removable media.
• Support agreements are in place with the following companies:
  • UKWSD
  • FreeAgent
  • UpTime Robot

Secure Data Transfer and Storage

Data transfer of customer information between Ctrl-X Digital Ltd and the client and vice versa should occur in the following ways:

• By email as a password protected attachment.
• Password to be provided by telephone, SMS or secure single use digital message.
• By telephone to relevant staff with the client’s explicit consent.
• By hand in sealed envelopes and handed over personally to designated users.

On site data will be securely stored:

• As appropriate on network drives and online systems with controlled and password access, and secure encryption in place (if online).
• Personal or sensitive data will not be made available on removable media