What action are we taking to prepare for the GDPR?
We are committed to compliance with personal data laws and the protection of the rights and freedoms of individuals whose information we collect and process in accordance with GDPR.
It is important to note that some elements of the legislation are still under consultation or guidance is still being issued, so at the moment no organisation can state that it is fully GDPR compliant.
SBS is contacting partners, suppliers and subcontractors to obtain evidence of their compliance, but we understand everyone is in the same situation and working to the deadline, so we request that extra time is given for this element of the legislation.
How secure are our systems?
SBS has performed full risk assessments on all systems and is working through any areas identified for improvement, but we are fully confident we have not uncovered any serious threats.
SBS keeps a non-conformance log of any threats, carries out root cause analysis of all incidents, large or small, and devises immediate and long-term corrective actions.
What technical and organisational security measures do we have in place to protect personal data?
SBS takes data protection very seriously. The systems we use to store customer data have secure access controls: they are password protected, with varying levels of access to sensitive information. We have a comprehensive business continuity and disaster recovery plan in place. SBS staff are required to adhere to strict access controls, including physical security.
For further information, a customer data processing addendum, or to update any of your contact details, please email firstname.lastname@example.org.
SBS has been accredited with ISO 27001 information security management systems since 2015. The current certificate can be accessed here. We are also planning our Cyber Essentials accreditation.
The SBS Environmental and Information Security policy is available on request.