Information and Cyber Security Statement
Introduction
At SBD Automotive, we know information security is important to our Clients, and our Business Partners. We are committed to maintaining Information Security through responsible management, appropriate use, and protection in accordance with legal and regulatory requirements and our agreements.
It is SBD Automotive policy to make every effort to protect our information assets from threats – whether they be internal or external, deliberate or accidental.
Key to this being:
-
Confidentiality - The prevention of unauthorised disclosure of information;
-
Integrity - The prevention of unauthorised change to information;
-
Availability - The appropriate setting of accesses and security levels to prevent unauthorised access and maintain those that are legitimate.
Our commitment to information security is demonstrated through implementation and maintenance of an Information Security Management System (ISMS).
A dedicated team are responsible for reviewing and establishing relevant information security policies and procedures.
Information Security Policy
SBD Automotive policies cover areas such as information security, document handling/retention, and data protection that clearly define responsibilities, security protocols and acceptable use of its information technology systems and assets.
Policies are reviewed at least annually and updated as necessary.
Our policies detail the security protocols and standards that employees must follow, including in relation to access controls, confidentiality, business and private data protection, physical security, appropriate usage and code of conduct.
Organisational Security
SBD Automotive continuously maintains and monitors notifications, errors, logs and alerts on our services, and from all systems to identify and manage threats. We also maintain internal information security policies, including incident response plans.
Access controls
We have a standard starters and leavers process in place to address the addition and removal of users. We implement two-factor authentication for access to SBD systems and data. Users who have privileged or network access are reviewed on a regular basis and those who no longer need this access are removed.
For internal users, role-based access controls are implemented for access to services and application. For external users, permissions are applied and managed so that only relevant and authorised users have access to the data they are allowed to view and manipulate.
Data Protection
Data at rest and in transit is encrypted. We dispose of old equipment securely and ethically. We limit access to environments to only those who need access, and have separate environments for development, test and production.
Compliance
The ISMS is also regularly audited (both internally and externally) to ensure continued compliance with globally recognised Standards including Cyber Essentials and ISO 27001 (Currently the UK and German offices).
New members of staff receive information security training during their induction period, and all staff are required to undertake regular update sessions to ensure their knowledge and understanding remains current.
We have a separate Privacy Notice explaining the specific arrangements in place regarding the processing of personal data. This can be found on our website
Business Continuity and Disaster Recovery
In order to minimize system and service interruption due to hardware of software failures, natural disasters or other catastrophes, SBD Automotive has implemented disaster recovery procedures for all critical business and operational systems.
Further Queries
If you have any further queries regarding SBD Automotive Information Security, please contact ISMS@sbdautomotive.com