SYS3 LIMITED
SYS3 Limited is a limited company registered in England under the number 04154104
COMMITMENT TO INFORMATION SECURITY
As a business, SYS3 takes data security and privacy extremely seriously. We process personal information on behalf of our customers and we also control the personal information of our own workforce. We are providing you with this Statement of Compliance with GDPR to help you fulfil your own duties as a data controller in respect of supplier due diligence.
INFORMATION SECURITY MANAGEMENT
SYS3 manages information security in-house in order to control its information assets and the information assets of it’s clients correctly.
Policies and Protocols
The above documents provide clarify in respect of:
-
Confidentiality
-
Clear screen policy
-
Monitoring of communications
-
Remote working
-
Data disposal
-
Data breach reporting
SYS3 Limited’s relevant policies and protocols help us to fully realise our commitment to lawful, fair and transparent data processing.
Guidelines & Training
SYS3 Limited commits to oversee the competence of all our human resources in respect of compliance with GFPR. This includes the issue and contractual and procedural documentation, as described above, as well as the implementation of training for all members of staff.
SYS3 Limited provides step by step guidelines for all service support tasks and activities.
Training is provided by SYS3 Limited management, in-house, to enable all employees and contractors to operate consistently.
Risk Assessment
SYS3 Limited has run an assessment to determine that our physical office environment, our IT systems, our personnel, our policies and our practices conform to the standards of the General Data Protection Regulation. This assessment has been extended to verify the GDPR conformity of our key suppliers too.
Our assessment includes a register of data, classifying the data that we hold, identifying where it is stored, and articulating where risks lie and how we can mitigate these. The establishment of this register allows SYS3 to respond rapidly, if required, to data access requests.
We operate a formal incident management process to identify, contain, and recover from a data breach, should one occur. Our employees are trained to report any suspicion of a data breach to our Data Protection Officer in line with our Data Protection Policy.
SUPPLIERS & THIRD PARTIES
Qualifying the compliance of key suppliers and third parties is essential to establishing our own Statement of Compliance with GDPR. Should any suppliers or third parties with whom we share personal information – either as data controllers or data processors – fail to evidence conformity to the requirements of GDPR (or fail to ameliorate their non-conformity under notice) we will terminate our relationship with them.
PHYSICAL SECURITY
SYS3 Limited commits to protecting data through appropriate physical measures, these can be broken down into:
Premises Access Control
Access to all our office environments is physically controlled during our business hours. Our premises are alarmed and a list of keyholders held at all times.
Server Access Control (Physical)
Servers, routers and other business critical equipment is stored securely.
Server Access Control (Digital)
Hosted (cloud) server access is via secure (SSL) connection. Passwords to confirm our password policy. Access to data is further restricted by IP Access.
All other systems where personal data is held are accessed either by MFA or secure passwords protected by a digital password vault. Remote access to servers is carefully managed and monitored with enhanced security protocols in place.
Portable Media
All portable media use by SYS3 Limited is subject to encryption and/or password control.
CYBER SECURITY
SYS3 Limited has committed to ensuring that cyber security remains at the forefront of our day to day business. Along with advanced security and protection software in-house, our range of data protection methods include Data Loss Prevention and the use of Secure File Transfer Protocols.