Security Policy
Last updated: 09 August 2025
Contents
1. Security Approach
2. Technical & Organisational Controls
3. Third‑Party Providers
4. Incident Response
5. User Responsibilities
6. Security Contact
1. Security Approach
We protect the confidentiality, integrity and availability of our systems and data using a risk‑based approach aligned with industry good practice.
2. Technical & Organisational Controls
- Encryption: TLS for data in transit; encryption at rest for sensitive data with our providers.
- Access control: Role‑based access, least privilege, and multi‑factor authentication for admin systems.
- Secure development: Change control, code review, and dependency management.
- Vulnerability management: Regular patching and security updates.
- Logging & monitoring: Activity logs and anomaly detection.
- Backups & resilience: Provider‑managed backups and high availability where applicable.
- Awareness: Staff training on data protection and security practices.
3. Third‑Party Providers
We vet vendors for security, confidentiality and data protection. Where data leaves the UK, we use appropriate transfer safeguards (e.g., IDTA/SCCs).
4. Incident Response
We operate an incident response process to assess, contain and remediate security events. Where required, we notify affected users and the ICO without undue delay.
5. User Responsibilities
- Use strong, unique passwords and keep credentials confidential.
- Enable multi‑factor authentication where available.
- Report suspected security issues to us immediately.
6. Security Contact
Report a security concern: business@cyberpathinsight-uk.com | Tel: +44 730 999 6080.
This page summarises our web security posture and does not grant any warranty or contractual commitment.