Mobile devices with Windows operating systems will use full disk encryption to protect data at rest.
Next generation firewall technology with deep packet inspection and intrusion detection monitoring technology will be used to secure the external perimeter of Aggregates ‘R’ Us network.
Commercial grade anti-virus software will operate on all Windows operating systems.
Staff will be regularly reminded of security related risks to maintain awareness levels and an understanding of the risks associated with IT use.
Suppliers of IT Services will be selected based on their security credentials and attainment of a recognised security certification.
All Windows operating systems will be security patched within 1 month of the release of the security patch.
All Aggregates ‘R’ Us data will reside in the UK.
All key business records will be protected from deletion and disasters with a maximum risk of data loss of 24 hours.
The use of strong passwords will be enforced on the network.
The support of the Aggregates ‘R’ Us systems will be provided by a supplier with the following security capabilities:
ISO27001 certification
The hosting of the Aggregates ‘R’ Us data centre will have the following minimum specifications:
ISO27001 certification for the operation of the data centre facility
On-site secondary power generation
Uninterruptible Power Supply system giving 100% power availability without disruption
24 hour security personnel presence
CCTV externally and internally
Redundant climate control system
Protection against data loss and typical major threats such as fire where the maximum risk of data loss will be 24 hours.
