GDPR Policy

Executive summary

Infosec Cloud welcomed the introduction of the GDPR in May 2018. Infosec Cloud has always taken all information security seriously, including that of personal data, regardless of whether Infosec Cloud is acting as a processor or a controller.

All data storage platforms are physically located in the UK, and the company only uses hosting facilities based in the UK and Germany.

In terms of the GDPR, Infosec Cloud was certified to IASME GDPR accreditation level prior to the May 2018 date for introduction of the regulation.

As such, our customers, partners, suppliers and employees can be confident that they are dealing with a fully compliant GDPR business and platform provider.

Infosec Cloud is happy for customers, partners and suppliers to request information detailing both how our platforms, and Infosec Cloud as an organisation, are fully compliant with all aspects of the GDPR.

Assessment

Infosec Cloud provides GDPR consultancy services, and both internal and external experts are assisting in assessing every article of the GDPR. The company’s activities and products have been matched against all 99 articles.

Infosec Cloud considers the regulation to apply to our organisation in the following capacities:

  1. A data controller of its own employee data
  2. A data controller or processor of third-party data such as activity relating to IT Security Reseller operations
  3. A Software as a Service (SaaS) supplier
  4. A business that provides Managed Service Provisions

Customers, partners and suppliers that have questions with respect to the company’s GDPR compliance should email the Infosec Cloud DPO ([email protected]).

Activity

Following a detailed assessment, Infosec Cloud amended, as necessary, all activities and associated policies and procedures to fully comply with the GDPR.

Infosec Cloud has updated all customer, partner and supplier contracts including the relevant Article 28 Addendum (available on request). This is to ensure the GDPR reaches throughout the supply chain and business eco-system.

Infosec Cloud carries out Privacy Impact Assessments as necessary.

Infosec Cloud has educated all employees with respect to their GDPR responsibilities. This includes training videos and quizzes to ensure awareness. We can provide this service to our customers as well.

The Infosec Cloud websites are continually updated so that contacts and customers have the assurance that their personal data is processed in accordance with the GDPR requirements. Websites and other on-line portals, such as the CSA service platform, will clearly display the company’s privacy policies.

The CSA service platform is continually reviewed in full and will be amended as required. The solution is already compliant under the guidance of Infosec Cloud’s secure access and hosting requirements.

Infosec Cloud maintains accreditations, such as Cyber Essentials Plus, that demonstrate the company’s commitment to information security, including protecting all personal and sensitive data.

DPO contact details:

[email protected]