Security Policy

Where Ctrl-X Digital Ltd have access to data stored online i.e. WordPress, MailChimp or other online service:

  • Strong passwords will always be used.
  • Passwords are stored in a secure password management system.
  • The password system is only accessible to Ctrl-X Digital Ltd staff.
  • Separate logins for accounts and services will be used to control access.
  • Where a there is shared login, passwords will changed on a regular basis.
  • No client data will be downloaded or stored except for operational reasons.
  • Any downloaded client data will be deleted once the task is complete.
  • Work on client sites and accounts will only be via a secure network connection.
  • All life-expired equipment is securely wiped of all information.
  • IT support companies have access to the Ctrl-X Digital Ltd network drives and online system only to provide technical support.
  • Ctrl-X Digital Ltd network drives are housed in a restricted area which is:
    • accessible during office hours.
    • locked during out of office hours.
  • Ctrl-X Digital Ltd staff have access to the network drives and online system.
  • Personal data is not stored on removable media.
  • Support agreements are in place with the following companies:
    • UKWSD
    • FreeAgent
    • UpTime Robot

Secure Data Transfer and Storage

Data transfer of customer information between Ctrl-X Digital Ltd and the client and vice versa should occur in the following ways:

  • By email as a password protected attachment.
  • Password to be provided by telephone, SMS or secure single use digital message.
  • By telephone to relevant staff with the client’s explicit consent.
  • By hand in sealed envelopes and handed over personally to designated users.

On site data will be securely stored:

  • As appropriate on network drives and online systems with controlled and password access, and secure encryption in place (if online).
  • Personal or sensitive data will not be made available on removable media