Data security

The council strives to ensure that any personal data in our care will be kept safe and secure. To prevent unauthorised access, loss, destruction or theft, we have assessed our information security risk and put in place appropriate technical, physical and managerial procedures to safeguard the information that we process. This includes encryption of our computer systems and the backup of systems to ensure we can restore access to personal data in the event of an incident.

Our security measures are regularly tested and reviewed to ensure they remain effective. We act on the results of those tests where they highlight areas for improvement. They are also reviewed in light of new risks or guidance from the ICO or the National Cyber Security Centre (NCSC).

We ensure that any data processor we use also implements appropriate technical and organisational measures to secure your personal data.

We have an information security policy and take steps to make sure the policy is implemented. Where necessary, we have additional policies and we ensure that controls are in place to enforce them.

We regularly review our information security policies to ensure they are based on established frameworks, such as Cyber Essentials ISO 27001, and where necessary, improve them.

Page last updated: 1 May 2024