The council will strive to ensure that any personal data in its care will be kept safe and secure. In order to prevent unauthorised access, loss, destruction or theft, we have assessed our information security risk and put in place appropriate technical, physical and managerial procedures to safeguard the information that we process this includes encryption of our computer systems and the backup of systems to ensure we can restore access to personal data in the event of an incident.
Our security measures are regularly tested and reviewed to ensure they remain effective, and we act on the results of those tests where they highlight areas for improvement. They are also reviewed in light of new risks or guidance from the ICO or the National Cyber Security Centre (NCSC).
We ensure that any data processor we use also implements appropriate technical and organisational measures to secure your personal data.
We have an information security policy and take steps to make sure the policy is implemented. Where necessary, we have additional policies and we ensure that controls are in place to enforce them. We make sure that we regularly review our information security policies to ensure they are based on established frameworks (e.g. Cyber Essentials, ISO 27001) and, where necessary, improve them.