Information Security Policy

This information security policy outlines how we protect our IT assets and with it the data that we process and hold on behalf of our customers.

Mediaburst is committed to keeping your data safe. Whenever you provide such information, we are legally obliged to use your information in line with all applicable laws including the Data Protection Act 1998.

Objectives and Scope

Objectives

The objectives of Mediaburst’s Information Security Policy are to preserve the integrity and availability of IT systems and keep confidential the information held within them.

Scope

The policy applies to all hardware, software, information, networks, applications, and locations where mediaburst carries out data processing.

Responsibility

Ultimate responsibility for information security rests with the Directors of mediaburst, and, as mediaburst is a small company, on a day-to-day basis the Directors shall be responsible for managing and implementing the policy and related procedures.

Each member of staff is responsible for the security of the information systems they use, and is aware of their obligation to work within information security procedures and maintain data confidentiality and integrity.

Legislation

Mediaburst is obliged to abide by all relevant UK and European Union legislation.

The requirement to comply with this legislation is spread to employees and agents of mediaburst. Any employee or agent may be held personally accountable for any breaches of information security for which they may be held responsible.

Mediaburst shall comply with the following legislation and other legislation as appropriate:

The Data Protection Act (1998)
The Data Protection (Processing of Sensitive Personal Data) Order 2000.
The Copyright, Designs and Patents Act (1988)
The Computer Misuse Act (1990)
The Health and Safety at Work Act (1974)
Human Rights Act (1998)
Regulation of Investigatory Powers Act 2000
Freedom of Information Act 2000

Policy Framework

Access Control

Only authorised personnel who have a justified and approved business need shall be given access to restricted areas containing information systems or stored data. This includes IT equipment located in our computer room in Alderley Edge, or our external data centres in Manchester or Derby.

Equipment Security

In order to minimise the risk of loss or damage to IT assets, equipment shall be physically protected from threats and environmental hazards.

Protection from Malicious Software

The organisation shall use antivirus software and management procedures to protect itself against the threat of malicious software. All staff shall be expected to co-operate fully with this policy.

Monitoring System Access

An audit trail of system access and data use by staff shall be maintained.

Business Continuity Plans

The organisation shall ensure that business continuity and disaster recovery plans are produced for all mission critical information, applications, systems and networks.

Privacy

Mediaburst will only collect information necessary to provide the services we offer. This includes name and contact information for customers, and contact information including mobile phone numbers belonging to contacts of customers.

Mediaburst will not share or pass any personal or confidential information to any third party unless required to do so to provide the services we offer.

Mediaburst may contact you for the following reasons:

• In relation to the functioning of any service you have signed up for in order to ensure that mediaburst can deliver the services to you.
•  Where you have opted to receive further correspondence.
• For marketing purposes unless you have instructed us to the contrary.

We will keep your information confidential except where disclosure is required by law (for example to government bodies and law enforcement agencies).

Get in touch

As always, if you have any specific concerns or would like further reassurance then please get in touch.

Contact us