Security Incident Approach
The Company has robust objectives and controls in place for preventing security incidents and for managing them if they do occur. The Company utilises systems, personal data, and technology in the course of its business and as such is at risk of security incidents. We recognise that whilst we take every care with our systems, security, and information, risks still exist when using technology and being reliant on human intervention, necessitating defined measures and protocols for handling any incidents or breaches.
We carry out frequent risk assessments and gap analysis reports to ensure that our compliance processes, functions, and procedures are fit for purpose and that mitigating actions are in place where necessary. However, should any security incidents occur, we are fully prepared to identify, investigate, manage, and mitigate them with immediate effect and to reduce risks and impact.
The Company has the below objectives with regard to Security Incident Management:
To implement Security Incident Procedures for handling any type of security issue
To appoint an Incident Project Manager to handle any security incidents
To maintain a robust set of compliance procedures that aim to mitigate risks and provide a compliant environment for trading and business activities
To develop and implement strict compliance breach and risk assessment procedures that all staff are aware of and can follow
To ensure that any data breaches are reported to the correct regulatory bodies within the timeframes as set out in their code of practice or handbooks
To use breach investigations and logs to assess the root cause of any breaches and to implement a full review to prevent further incidents from occurring
To use the Compliance Breach Incident Form for all data breaches, regardless of severity, so that any patterns in causes can be identified and corrected
To comply with regulating bodies and laws on compliance breach methods, procedures, and controls
To protect consumers, clients, and staff – including their data, information, and identity
The Company's Security Incident Procedures and Data Breach Course can be taken as part of this group of courses.