Introduction

This policy outlines the procedures and guidelines for accessing and using TreeSmiths Ltd’s website and information assets. It is designed to protect the confidentiality, integrity, and availability of our information assets.

Information Security

​

• Data Protection:

  • All personal data collected through the website must be handled in accordance with relevant data protection laws and regulations (e.g., GDPR).

  • Data must be protected through encryption, access controls, and regular backups.

​​

• Malware Protection:

  • Anti-virus and anti-malware software should be installed and regularly updated on all servers.

  • Regular security audits and vulnerability assessments should be conducted.

​​

• Network Security:

  • Network security measures, such as firewalls and intrusion detection systems, should be implemented to protect against unauthorized access.

​​

​​

Data Retention and Deletion

• Data Retention:

  • Personal data collected through the website should only be retained for as long as necessary to fulfill the purpose for which it was collected and is outlined in our privacy policy.

​​

• Data Deletion:

  • Personal data should be deleted or anonymized when it is no longer needed.

​​

​​

Incident Response

• Incident Reporting:

  • Any security incidents, such as data breaches or unauthorized access, must be reported immediately.

​​

 

Monitoring and Review​

• System Monitoring:

  • IT systems should be regularly monitored for security threats and anomalies.

  • Logs should be reviewed to identify potential security breaches.

​​

• Policy Review:

  • This policy should be reviewed and updated regularly to ensure its effectiveness.

​​

By following this policy, Treesmiths Ltd aims to protect its information assets and maintain the confidentiality, integrity, and availability of its systems and data.