Any hard drives and portable devices (such as laptops) that contain customer data are protected by full disk encryption and strong passwords.
In addition all of our servers and services are regularly updated with security patches and other necessary updates.
Permission to access and administer client data is granted on a per client basis.
Administrator access is restricted to specific authorised persons who have signed appropriate data processing agreements with Northbridge Digital, have received appropriate training, and are familiar with this security policy.
All personal data received from clients (such as exports from legacy systems) is stored on encrypted drives which are reviewed and when that data is no longer needed deleted on a monthly basis.
In the event of a personal data breach, our response will be informed by, and in line with, the guidance on Personal data breaches published on the ICO website (https://ico.org.uk).
Oliver Gibson, Director of Northbridge Digital, is responsible for implementing and reviewing this security policy.
This policy was last reviewed on the 26th of February 2022. The next review is due on the 26th of February 2023.