3stepIT Sustainability Report 2019 - Page 27



Giving back
In the UK our sales team works closely with schools and charities to supply
them with high-quality, refurbished IT equipment at affordable prices. It’s
an area of the business we’re really proud of because you can see the direct
impact we’re having by giving young people and disadvantaged members of
our communities access to technology and all its benefits. Last year, more
than 1,000 laptops reached our education partners and we have ambitious
targets to improve on that in 2020.
Scott Watson
Account Manager, Remarketing


What our customers say:
We work with 3stepIT to help us
source first-class technology without
breaking the bank. Their extensive
knowledge in this area takes the risk
out of buying refurbished hardware
for our school.
3stepIT are our go-to providers when
scoping out new projects. The staff
are extremely keen and helpful, with
excellent product knowledge. 3stepIT
allow us to keep on budget whilst
leveraging modern technologies.
All equipment arrives in ‘as new’
condition, with the peace of mind of
extended warranties - and always
fully functioning!
Sami Khan
William Morris Sixth Form

Information security and data protection
In a connected world, protecting sensitive information is a significant
challenge for all industries. It is particularly essential in our business,
where secure data removal from old IT equipment is vital.
For 3stepIT there are two information security challenges:
Responsible destruction of data that is an integral part of the technology lifecycle management service we offer
Providing our services in a way that protects the confidentiality, integrity and availability of information
Security policies
Our approach to security includes administrative, technical and
physical controls to manage information security risks, prevent,
detect and respond to information security incidents, and to
assure business continuity.
All work related to information security is governed by Group
policies on privacy and security, performed in accordance with
the 3stepIT operational model and aligned to the company’s
reporting structure. These policies aim to control, facilitate,
implement and improve information security and privacy
measures throughout the organisation. Clients regularly query
how and where we store and secure data and approve our
processes.
Our security accreditation
3stepIT has established and implemented an Information
Security Management System which is ISO 27001 certified.
Information security governance is coordinated by the Group
Security and Privacy team and was renewed during 2019 to
remain compliant with up-to-date ISO standards on cyber
security and new company structures.
We use Blancco™ software to erase and overwrite data during
the used equipment refurbishing process. Blancco is the most
widely tested, certified and approved data erasure software,
chosen to give our customers complete peace of mind. If the
software cannot run on an item of faulty equipment, we use a
robust manual process, physically shredding hard drives or whole
devices. The refurbishing process creates an automatic data-erasure report for all devices. This is recorded in our asset tool to
give customers a complete data-destruction audit trail.
Stephen Hardy
Stowe Valley MAT
Internal and external audit
We periodically conduct internal and external audits to ensure
proper security and privacy organisation and deliver continuous
improvement. We passed a rigorous due diligence process,
including a data security audit measured against the standards
of a major European financial institution, in order to conclude our
partnership with BNP Paribas.
Security training for our people
With 3stepIT, they always get us what
we need and they are honest from the
outset regarding available stock and
give us realistic delivery expectations.
People have the potential to be a security risk, through human
error. To mitigate this risk, we offer comprehensive training,
supported by technical security controls, to empower them to
become informed and engaged security advocates.
Michael Gobey
Jubilee High School
Annual information security and data privacy awareness
training is mandatory for all our people. This consists of
e-learning courses, refreshed and updated in 2019, and
complemented by facilitated lectures for important functions and
third parties.
Responsible Marketing
To ensure responsible marketing and sales communications, we
produce communication materials centrally and review them
annually. The marketing team creates materials in collaboration
with the development team, especially product management.
Whether it is a fact sheet, brochure, information on our website,
or centrally managed PowerPoint materials, the facts are
independently checked before any item is finalised and published.
In 2019, there were no incidents of non-compliance concerning
product and service information or marketing communications.
We know our protection is only as secure as our weakest link,
so we review third party controls to prevent security being bypassed via a supplier or partner.