Policy Brief And Purpose
TFix is committed to safeguarding the confidentiality, integrity, and availability of all information assets under its control. We recognise that information security is essential for protecting client data, maintaining trust, and ensuring compliance with applicable legislation and industry standards. This policy sets out how we manage information securely across our operations.
Our Commitment
TFix complies with UK GDPR, the Data Protection Act 2018, and recognised information security principles such as those in ISO 27001. We implement appropriate physical, technical, and organisational measures to protect against unauthorised access, loss, misuse, or disclosure of data. Access to systems and data is restricted to authorised personnel only, and controls are applied in line with the sensitivity of the information.
Roles And Responsibilities
Managers are responsible for ensuring information security considerations are built into planning and day-to-day operations. Employees and subcontractors must handle all information securely, use only authorised systems and devices, and follow established security procedures. All staff are trained in good security practices, including password management, phishing awareness, and secure handling of client data.
Incident Response
Any actual or suspected breach of information security must be reported immediately to management. Incidents will be investigated promptly and corrective action taken to reduce impact and prevent recurrence. Clients will be informed where required by law or contract.
Continuous Improvement
TFix regularly reviews its information security measures, systems, and procedures to ensure they remain effective and up to date with evolving threats and regulations. Lessons learned from incidents, audits, and client feedback are incorporated into ongoing improvements.