3 Step IT Sustainability Report 2018 - Flipbook - Page 34
AND DATA PROTECTION
commercially sensitive information, with
everything and everyone connected, is a
significant challenge for industry generally.
We take information security seriously as
part of the lifecycle service we provide, and
the way we provide that service. Protecting
the confidentiality, integrity and availability
of information is critical if we are to build
relationships based on trust.
administrative, technical and physical controls:
first to manage information security risks,
secondly to prevent, detect and respond to
information security incidents, and finally to
assure business continuity. The group has
achieved the ISO 27001 information security
standard and renewed certification in 2018.
We use Blancco™ software to erase data in
the used equipment refurbishing process.
Blancco is the most widely tested, certified
and approved data erasure software, chosen to
give our customers the highest possible level
of data-destruction assurance. If, for some
reason, the software will not run on a piece of
equipment, we use a robust manual process
instead. The process creates an automatic
data-erasure report for all devices, which we
report in our asset tool to give customers a
data-destruction audit trail.
We began work to ensure we complied with
the General Data Protection Regulation (GDPR)
and its implications. We trained our staff on
their GDPR responsibilities and completed the
readiness effort in time for the effective date in
The focus moved on to security in general. We
reviewed our current resilience; understood
the gaps between where we are today and
where we want to be in three years’ time;
and developed a prioritised plan. The Board
reviewed, approved and agreed the funding for
The human factor is generally a weak link in
any security effort. To mitigate this risk we
gave all employees training on the security
dangers that lurk in emails and phone calls,
and how to spot and avoid phishing threats.
Similarly, as our protection is only as secure
as the weakest link, we review third-party
security to prevent a security bypass through
a supplier or partner route.