|
 |
|
|
|
 |
|
|
Investigator Direct (Operations) Ltd Information Security Policy General In its handling of personal information, Investigator Direct (Operations) Ltd will maintain the firm standards of security, integrity and privacy which are to be expected of an investigative company whose relationships with its clients and staff are governed by a principle of utmost confidentiality. Personal information is held by Investigator Direct (Operations) Ltd on trust. It is our responsibility to ensure that that it is confidential, safe and correct. This policy covers all information held by Investigator Direct (Operations) Ltd, whether in electronic form or otherwise. All staff and agents in the employ of Investigator Direct (Operations) Ltd are required to observe it. Our handling of personal information is governed by our Notification under the Data Protection Acts; and by the Investigator Direct (Operations) Ltd Personal Data and Privacy Policy. It is the responsibility of management level staff, be they consultants to Investigator Direct (Operations) Ltd or permanent staff members to ensure that the provisions of this Policy are made known to the Agents they supervise, and that each consultant and/or staff member understands precisely what he or she must do in order to carry it out. Personal information held on computers Access to the information held by Investigator Direct (Operations) Ltd shall be denied to anyone who is not either a consultant approved specifically in writing by a Director or an Officer of the Company or a member of its staff. The systems and the information handling software shall be configured to ensure this. Nor shall personal information from Investigator Direct (Operations) Ltd be transmitted to other people, except as specified in the Personal Data and Privacy Policy. Reports to external organisations and or Agents on the activities of Investigator Direct (Operations) Ltd shall not refer to individuals by name, unless so required in the course of reporting in that the individual is required to be named and that by doing so, it is relevant to the report. Information held by Investigator Direct (Operations) Ltd may be accessed by approved persons only through pre-prescribed and agreed processes as set out by the Officers of the Company. These will ensure that only the information appropriate for each Consultant and/or staff member can be seen. Members of staff whose duties include the maintenance of electronic records and its software are exempt from this requirement; they are required to keep confidential the personal data they encounter. All Consultants and/or Agents are required to sign a confidentiality agreement, legally binding in law to ensure that all information passed between Investigator Direct (Operations) Ltd and its consultants and/or agents remains completely confidential. All computers whether mobile or otherwise housing collected information shall be kept in secure conditions - which is to say either within a locked building, or within sight in the case of mobile equipment of the user at all times. The information contained on such equipment shall be backed up to CD-RW or similar medium each working day. On a weekly basis, two backup copies shall be made and one shall be transferred to Investigator Direct (Operations) Ltd’s Head Office. Other information held on computers The treatment of data, including users' data, held on the Investigator Direct (Operations) Ltd systems, including external internet hosting companies, shall be treated as confidential as defined by the external companies own Information Security Policy where applicable and no warranty is made of information held outside of our control. All files held on computers will be protected from interference by other parties by means of a careful use of up to date firewall, anti-hacking software and anti-virus software which must be updated on a regular basis. Consultants, Agents and Staff will be required to protect their systems from outside interference by prohibiting access by use of a password consisting of three letters and three numbers in any order. Access to the systems shall be barred to anyone who is not properly advised to Investigator Direct (Operations) Ltd and who has failed to or not been supplied with a confidentiality agreement legally binding them to confidentiality. A person may only be allowed access if they are approved by the Director of Investigator Direct (Operations) Ltd. Registration of users, communication of passwords, access control, etc, shall follow the best industry practice. Personal information held elsewhere It is the responsibility of all consultants, agents and staff to ensure that personal information about any subject of investigation and/or consultant, agent and/or staff member is protected and their privacy maintained. This applies as much to information held on paper, or elsewhere, as to information held on computer. No such information shall be shown to any person outside of Investigator Direct (Operations) Ltd. Personal data which is not currently in use shall at all times be securely locked away. It shall be regarded as part of the professional ethic of our consultants, agents and staff that information about Investigator Direct (Operations) Ltd and those that are employed, directly and/or indirectly, which we come by in our work is not to be passed to any third party. All Consultants, Agents and Staff are required to ensure that they live up to this standard. |
|
|
