IT Security Policy

IT Security Policy

Theori Housing Management Services Limited IT SECURITY POLICY – May 2018

System security
Server:
Our server is protected with a complex password and is situated in a secure server cabinet within our office.
User logins:
Staff and contractors have user accounts and log in (to access documents in shared folders on our server) using individual, complex passwords. Each user has an email account that has a separate password. No passwords are shared outside the organisation. Any accounts no longer in use are disabled.

Internet connection:
Our internet connection is secured via a Draytek firewall, and individual firewalls on our server and on our PCs, as well as via our anti-virus software.

Protection against viruses and malware:
We maintain up to date anti-virus software and our server and PCs are maintained by our IT support provider.

Keeping devices and software up to date:
PCs are kept up to date and PCs are automatically updated with Microsoft security patches.

Data security
Documents containing personal data:
Documents containing information about case studies are encrypted with passwords (with passwords sent in separate emails). Documents containing information about staff are in a restricted-access folder on our server (only accessible by Senior management).

Deleted files:
When files are deleted from our server, it is not possible to retrieve them…

On-Line Back Up:
All data is stored in an encrypted state within the UK. Our three replicated data centres located, London, Leeds and Manchester. All our DC’s are owned by Equinix (used to be Telicity) who have the following accreditation’s
Security management All of our data centres have been awarded the ISO 27001 standard for security
management. It specifies the requirements for establishing, implementing, operating, monitoring, reviewing, maintaining and improving a documented Information Security Management System within the context of an organisation’s overall business risks. Ultimately, the standard ensures best practice for security controls to protect information
assets.

Quality management
All of our data centres have achieved the ISO 9001 standard for business quality management. It is applied to the processes that create and control the products and services that we supply and prescribes systematic control of activities to ensure that the needs and expectations of customers are met. The standard demonstrates the existence of an effective
quality management system that satisfies the rigors of an independent, external audit.

Environmental Management
All of our data centres have achieved certification to ISO 14001, the environmental management system standard. ISO 14001 is an internationally-recognized accreditation for organisations that demonstrate superior environmental management. The certificate highlights our ongoing commitment to both maximize the energy efficiency of its existing
data centre estate and develop innovative new facilities.

Occupational Health and Safety Management We have achieved certification to OHSAS 18001, the assessment specification for occupational health and safety management systems. This validates companies that show excellence in health and safety performance and demonstrates the leadership to reduce risk and create an injury-free workplace.

Business Continuity Management
Our UK data centres have achieved certification to ISO 22301, the business continuity management system standard. This internationally recognised certification requires organisations to plan, establish, implement, operate, maintain, review and continually improve a Business Continuity Management System to protect against, reduce the likelihood of occurrence, prepare for, respond to, and recover from disruptive incidents when they arise.

Energy Management
All data centres have achieved certification to ISO 50001. The purpose of this International Standard is to enable organisations to establish the systems and processes necessary to improve energy performance, including energy efficiency, use and consumption.

Emails:
All emails are hosted by our IT Services provider which use SSL encryption for the communication of emails from the client (Outlook, Smart Phones etc.) to the hosted server when sending or receiving emails. Further encryption can be provided by the individual documents through Word or Excel depending on requirements.

WHY CHOOSE Theori

ACHIEVE THE HIGHEST RENTS
24 HOUR MAINTENANCE
MONTHLY INSPECTIONS