Keeping sensitive and personal data secure is our priority
Information security is important to any organisation that stores, processes, transfers and uses personal information. If this information is lost or corrupted it can have serious consequences.
With highly sensitive payroll information, the need for a water-tight framework of policies and procedures that include all legal, physical and technical controls is essential as part of the information risk management processes.
We are committed to ensuring that all information is safeguarded from loss, unauthorised access or misuse whether that information is owned by the organisation, clients of the organisation, or users of services provided by the organisation.
We have therefore chosen to implement an Information Security Management System (ISMS) which uses ISO27001:2013 as a framework for protecting information it holds.
The framework has been designed to maintain Confidentiality, Integrity and Availability of information assets and provide effective risk management and ensures that:
- Information will be protected and controlled against unauthorised access or misuse.
- Confidentiality, Integrity and Availability of information and information assets will be assured.
- Risks posed to the organisation will be understood and controlled.
- Regulatory, contractual and legal requirements will be complied with.
- Physical, logical, environmental and communications security will be maintained.
- Operational procedures and responsibilities will be maintained.
- All information security issues (Events, Incidents and Weaknesses) will be reported and investigated through appropriate channels.
Achieving accredited certification to ISO27001 demonstrates that Dataplan is following information security best practice, and delivers an independent, expert assessment of whether our data is adequately protected.
Going even further with ISAE3402 External Audit
As part of our framework of policies and procedures Dataplan undertakes an ISAE 3402 Type 2 Service Organisation Control report.
This is undertaken by external, independent auditors and is designed to give the users of a Service Organisations, our clients, assurance over the design, implementation and operating effectiveness of the internal controls.