IT security policy.

1. Introduction

The confidentiality, integrity and availability of information, in all its forms, are critical to the ongoing functioning and good governance of Geeky Designs Ltd. Failure to adequately secure information increases the risk of financial and reputational losses from which it may be difficult for Geeky Designs Ltd to recover. This information security policy outlines Geeky Designs Ltd's approach to information security management. It provides the guiding principles and responsibilities necessary to safeguard the security of the company's information systems. Supporting policies, codes of practice, procedures and guidelines provide further details.

Geeky Designs Ltd is committed to a robust implementation of Information Security Management. It aims to ensure the appropriate confidentiality, integrity and availability of its data. The principles defined in this policy will be applied to all of the physical and electronic information assets for which Geeky Designs Ltd is responsible. Geeky Designs Ltd is specifically committed to preserving the confidentiality, integrity and availability of documentation and data supplied by, generated by and held on behalf of third parties pursuant to the carrying out of work agreed by contract in accordance with the requirements of data security standard ISO 27001.

1.1 Objectives

The objectives of this policy are to:

1. Provide a framework for establishing suitable levels of information security for all Geeky Designs Ltd information systems (including but not limited to all Cloud environments commissioned or run by Geeky Designs Ltd, computers, storage, mobile devices, networking equipment, software and data) and to mitigate the risks associated with the theft, loss, misuse, damage or abuse of these systems.

   a. This explicitly includes any ISO27001-certified Information Security Management Systems the company may run.

   b. The resources required to manage such systems will be made available.

   c. Continuous improvement of any ISMS will be undertaken in accordance with Plan Do Check Act principles.

2. Make certain that users are aware of and comply with all current and relevant UK and EU legislation.

3. Provide the principles by which a safe and secure information systems working environment can be established for staff, students and any other authorised users.

4. Ensure that all users understand their own responsibilities for protecting the confidentiality and integrity of the data that they handle.

5. Protect Geeky Designs Ltd from liability or damage through the misuse of its IT facilities.

6. Maintain research data and other confidential information provided by suppliers at a level of security commensurate with its classification, including upholding any legal and contractual requirements around information security.

7. Respond to changes in the context of the organisation as appropriate, initiating a cycle of continuous improvement.

1.2 Scope 

This policy is applicable to, and will be communicated to, all staff and third parties who interact with information held by Geeky Designs Ltd and the information systems used to store and process it. This includes, but is not limited to: Cloud systems developed or commissioned by Geeky Designs Ltd, any systems or data attached to the Geeky Designs Ltd data or telephone networks, systems managed by Geeky Designs Ltd, mobile devices used to connect to Geeky Designs Ltd networks or hold Geeky Designs Ltd data, data over which Geeky Designs Ltd holds the intellectual property rights, data over which Geeky Designs Ltd is the data controller or data processor, and electronic communications sent from Geeky Designs Ltd.

2. Policy

2.1 Information security principles

The following information security principles provide overarching governance for the security and management of information at Geeky Designs Ltd.


1. Information should be classified according to an appropriate level of confidentiality, integrity and availability (see Section 2.3. Information Classification) and in accordance with relevant legislative, regulatory and contractual requirements (see Section 2.2. Legal and Regulatory Obligations).

2. Staff with particular responsibilities for information (see Section 3. Responsibilities) must ensure the classification of that information; must handle that information in accordance with its classification level; and must abide by any contractual requirements, policies, procedures or systems for meeting those responsibilities.

3. All users covered by the scope of this policy (see Section 1.2. Scope) must handle information appropriately and in accordance with its classification level.

4. Information should be both secure and available to those with a legitimate need for access in accordance with its classification level.

   a. On this basis, access to information will be on the basis of least privilege and need to know.

5. Information will be protected against unauthorized access and processing in accordance with its classification level.

6. Breaches of this policy must be reported (see Sections 2.4. Compliance and 2.5. Incident Handling).

7. Information security provision and the policies that guide it will be regularly reviewed, including through the use of annual internal audits and penetration testing.

8. Any explicit Information Security Management Systems (ISMSs) run within the company will be appraised and adjusted through the principles of continuous improvement, as laid out in ISO27001 clause 10.

2.2 Legal & Regulatory Obligations

Geeky Designs Ltd has a responsibility to abide by and adhere to all current UK and EU legislation as well as a variety of regulatory and contractual requirements. A non-exhaustive summary of the legislation and regulatory and contractual obligations that contribute to the form and content of this policy is provided in Appendix A. Related policies will detail other applicable legislative requirements or provide further detail on the obligations arising from the legislation summarised below.

2.3 Information Classification

The following table provides a summary of the information classification levels that have been adopted by Geeky Designs Ltd and which underpin the 8 principles of information security defined in this policy. These classification levels explicitly incorporate the General Data Protection Regulation’s definitions of Personal Data and Special Categories of Personal Data, as laid out in the Geeky Designs Ltd Data Protection Policy, and are designed to cover both primary and secondary research data.

Detailed information on defining information classification levels and providing appropriate levels of security and access is provided in the Data Classification Standard. Information on appropriate encryption techniques for securing Confidential data can be found on the Geeky Designs Ltd website here. Information may change classification levels over its lifetime, or due to its volume – for instance.

Confidential: Normally accessible only to specified members of Geeky Designs Ltd staff. Should be held in an encrypted state outside Geeky Designs Ltd systems; may have encryption at rest requirements from providers.

2.4 Suppliers

All Geeky Designs Ltd suppliers will abide by the Geeky Designs Ltd Information Security Policy, or otherwise be able to demonstrate corporate security policies providing equivalent assurance. This includes:

• when accessing or processing Geeky Designs Ltd assets, whether on site or remotely

• when subcontracting to other suppliers.

2.5 Cloud Providers

Under the GDPR, a breach of personal data can lead to a fine of up to 4% of global turnover. Where Geeky Designs Ltd uses Cloud services, Geeky Designs Ltd retains responsibility as the data controller for any data it puts into the service, and can consequently be fined for any data breach, even if this is the fault of the Cloud service provider. Geeky Designs Ltd will also bear the responsibility for contacting the Information Commissioner’s Office concerning the breach, as well as any affected individual. It will also be exposed to any lawsuits for damages as a result of the breach. It is extremely important, as a consequence, that Geeky Designs Ltd is able to judge the appropriateness of a Cloud service provider’s information security provision. This leads to the following stipulations:

1. All providers of Cloud services to Geeky Designs Ltd must respond to the Geeky Designs Ltd Cloud Assurance Questionnaire prior to a service being commissioned, in order for Geeky Designs Ltd to understand the provider’s information security provision.

2. Cloud services used to process personal data will be expected to have ISO27001 certification, with adherence to the standard considered the best way of a supplier proving that it has met the GDPR principle of privacy by design, and that it has considered information security throughout its service model.

3. Any request for exceptions will be considered by the Risk Manager and the Chief Operating Officer.

2.6 Compliance, Policy Awareness and Disciplinary Procedures

Any security breach of Geeky Designs Ltd information systems could lead to the possible loss of confidentiality, integrity and availability of personal or other confidential data stored on these information systems. The loss or breach of confidentiality of personal data is an infringement of the General Data Protection Regulation, contravenes the Geeky Designs Ltd Data Protection Policy, and may result in criminal or civil action against Geeky Designs Ltd. The loss or breach of confidentiality of contractually assured information may result in the loss of business, financial penalties or criminal or civil action against Geeky Designs Ltd. Therefore it is crucial that all users of the company's information systems adhere to the Information Security Policy and its supporting policies as well as the Information Classification Standards.

All current staff and other authorised users will be informed of the existence of this policy and the availability of supporting policies, codes of practice and guidelines. Any security breach will be handled in accordance with all relevant policies, including the Conditions of Use of IT Facilities at Geeky Designs Ltd and the appropriate disciplinary policies.

2.7 Incident Handling

If a member of staff is aware of an information security incident then they must report it to the support team or telephone 0151 493 9493. Breaches of personal data will be reported to Geeky Designs Ltd. If necessary, members of the company can also use the Geeky Designs Ltd Whistle Blowing (Public Interest Disclosure) policy.

2.8 Supporting Policies, Codes of Practice, Procedures and Guidelines

Supporting policies have been developed to strengthen and reinforce this policy statement. These, along with associated codes of practice, procedures and guidelines, are published together and are available on the Geeky Designs Ltd website. All staff, students and any third parties authorised to access the Geeky Designs Ltd network or computing facilities are required to familiarise themselves with these supporting documents and to adhere to them in the working environment. Supporting policies may be found at:

2.9 Review and Development

This policy, and its subsidiaries, shall be reviewed by the Management and updated regularly to ensure that they remain appropriate in the light of any relevant changes to the law, organisational policies or contractual obligations. Additional regulations may be created to cover specific areas. The Management comprises representatives from all relevant parts of the organisation. It shall oversee the creation of information security and subsidiary policies. The Management will determine the appropriate levels of security measures applied to all new information systems.

3. Responsibilities

Members of Geeky Designs Ltd and collaborators on Geeky Designs Ltd projects will be users of Geeky Designs Ltd information. This carries with it the responsibility to abide by this policy and its principles and relevant legislation, supporting policies, procedures and guidance. No individual should be able to access information to which they do not have a legitimate access right. Notwithstanding systems in place to prevent this, no individual should knowingly contravene this policy, nor allow others to do so.

To report policy contraventions, please see Section 2.5: Incident Handling.

Data Controllers: Many members of Geeky Designs Ltd will have specific or overarching responsibilities for preserving the confidentiality, integrity and availability of information. These include:

Principal Investigators / Project administrators: Responsible for the security of information produced, provided or held in the course of carrying out research, consultancy or knowledge transfer activities. This includes ensuring that data is appropriately stored, that the risks to data are appropriately understood and either mitigated or explicitly accepted, that the correct access rights have been put in place, with data only accessible to the right people, and ensuring there are appropriate backup, retention, disaster recovery and disposal mechanisms in place.
