Security Policy

Purpose

This Security Policy sets out the measures and controls in place to protect the confidentiality, integrity, and availability of data, systems, and assets managed by R&E Outsourcing. It applies to all staff, contractors, clients, and third-party partners who handle our information or access our systems, ensuring compliance with UK and EU data protection and cybersecurity laws.

Record and Entry (R&E) Outsourcing
Website: www.recordandentry.com
Email: info@recordandentry.com
Telephone: +44 208 145 3355
Address: Ability House, 121 Brooker Road, Waltham Abbey, Essex, EN9 1JH, United Kingdom
Owned and operated by: Outsource Professional Directors (OPD) Limited
Director: Sarah Santeng
Responsible for Policies and Statements: Sarah Santeng

1. Scope

This policy covers:

• Physical security of premises and assets.

• Digital and network security.

• Data protection and privacy in compliance with the UK GDPR and the Data Protection Act 2018.

• User access controls and authentication.

• Incident management and breach reporting.

2. Security Principles

We are committed to:

• Confidentiality: Ensuring information is only accessible to authorised individuals.

• Integrity: Safeguarding information from unauthorised changes or destruction.

• Availability: Ensuring authorised users have timely and reliable access to required information.

3. Physical Security

• Access to R&E Outsourcing premises is restricted to authorised personnel.

• Visitors must be signed in, supervised, and display visitor identification at all times.

• Physical documents containing sensitive information are stored securely and disposed of via secure shredding.

4. Digital and Network Security

• Firewalls, anti-virus software, and intrusion detection systems protect our IT infrastructure.

• Strong password policies and multi-factor authentication are enforced.

• Data is encrypted during transmission and, where applicable, at rest.

• Regular system updates and security patches are applied promptly to mitigate vulnerabilities.

5. Data Protection and Privacy

• We comply fully with the UK GDPR and the Data Protection Act 2018.

• Personal and client data is processed only for lawful purposes and retained for the minimum necessary period.

• Access to personal and business information is restricted to authorised personnel with a verified business need.

• Data sharing with third parties occurs only under formal agreements with appropriate safeguards.

6. Access Control

• Access to systems and data is granted strictly on a need-to-know basis.

• User accounts are reviewed regularly and revoked immediately upon staff departure.

• Privileged accounts are monitored for unusual activity.

7. Security Awareness and Training

• All employees receive regular training on cybersecurity, phishing prevention, and secure data handling.

• Security responsibilities are embedded in job descriptions and performance reviews.

8. Incident Management

• Any suspected or confirmed security incident must be reported immediately to the Security Officer (Sarah Santeng).

• We have documented procedures for containment, investigation, and recovery following a breach.

• Where required, affected parties and relevant authorities will be notified promptly.

9. Monitoring and Review

• Security measures are reviewed at least annually or following significant changes to systems, operations, or threats.

• This policy works alongside our Privacy Policy, Cookies Policy, and Data Protection Policy to ensure comprehensive compliance.