Our robust information security policies 

Our team

All employees are required to sign an agreement to protect the confidentiality of information, both during and after their employment.

Background verification checks are carried out on all candidates for employment. All employees are required to complete Data Protection, Fraud Awareness and Information Security training annually. 

Physical and environmental measures 

We have a number of physical and environmental security measures in place.

Critical or sensitive information processing facilities are housed in secure areas, protected by defined security perimeters, with appropriate security barriers and entry controls to prevent unauthorised physical access, damage and interference to the organisation’s premises and information.

Security perimeters such as alarms, CCTV, fob-controlled entry gates and doors, and manned reception desks are used to protect areas that contain information processing facilities. User restrictions are in place to prevent the unauthorised use of removable storage devices.

All visitors to the Scottish Braille Press must be signed in and accompanied at all times.

Document storage

Sensitive documents are stored securely within a secure, restricted-access area covered by CCTV cameras. The entire building is protected by a monitored alarm system.

All master files are stored on secure servers located within a secure, restricted-access server room equipped with an alarm system and a networked digital camera. There is a remote dual firewall in place, securely operated and managed by our ISP.

Data protection

All proofing copies and paper waste are securely shredded each afternoon at close of business using our in-house shredding facilities. All customer sensitive system data is purged after 90 days.

Our Accreditations

We have the following accreditations: Cyber Essentials, ISO 27001, ISO 9001, ISO 14001 and PCI-DSS.

Cyber Essentials


Cyber Essentials is a government-backed, industry supported scheme to help organisations protect themselves against common cyber attacks.

PCI-DSS

PCI DSS is the worldwide Payment Card Industry Data Security Standard that was set up to help businesses process card payments securely and reduce card fraud. This is achieved through enforcing tight controls surrounding the storage, transmission and processing of cardholder data that businesses handle. PCI DSS is intended to protect sensitive cardholder data.

ISO 27001

Since 2015 we have achieved ISO 27001 accreditation in recognition of our information security systems. ISO 27001 is an internationally recognised best practice framework for an information security management system.

ISO 9001         

ISO 9001 is the internationally recognised Quality Management System (QMS) standard designed to be a powerful business improvement tool.

ISO 14001

ISO 14001 helps businesses of all sizes across all sectors make their day to day operations more sustainable.