Security Policy
Last updated: 09 August 2025
Contents
1. Security Approach
2. Technical & Organisational Controls
3. Third-Party Providers
4. Incident Response
5. User Responsibilities
6. Security Contact
1. Security Approach
We protect the confidentiality, integrity and availability of our systems and data using a risk-based approach aligned with industry good practices.
2. Technical & Organisational Controls
- Encryption: TLS for data in transit; encryption at rest for sensitive data with our providers.
- Access control: Role-based access, least privilege, and multi-factor authentication for admin systems.
- Secure development: Change control, code review, and dependency management.
- Vulnerability management: Regular patching and security updates.
- Logging & monitoring: Activity logs and anomaly detection.
- Backups & resilience: Provider-managed backups and high availability where applicable.
- Awareness: Staff training on data protection and security practices.
3. Third-Party Providers
We vet vendors for security, confidentiality and data protection. Where data leaves the UK, we use appropriate transfer safeguards (e.g., IDTA/SCCs).
4. Incident Response
We operate an incident response process to assess, contain and remediate security events. Where required, we notify affected users and the ICO without undue delay.
5. User Responsibilities
- Use strong, unique passwords and keep credentials confidential.
- Enable multi-factor authentication where available.
- Report suspected security issues to us immediately.
6. Security Contact
Report a security concern: business@cyberpathinsight-uk.com | Tel: +44 730 999 6080.
This page summarises our web security posture and does not grant any warranty or contractual commitment.