IT Security Policy

Global Linguistic Services GLS Limited is committed to ensuring the security, integrity, and confidentiality of all information technology (IT) systems and data. This IT Security Policy establishes the principles and practices for safeguarding our systems, data, and users against unauthorized access, cyber threats, and other vulnerabilities.

1. Purpose
The purpose of this policy is to:

• Protect IT systems and data from unauthorized access, misuse, and breaches.
• Ensure the confidentiality, integrity, and availability of critical information.
• Comply with relevant laws, regulations, and best practices for IT security.

2. Scope
This policy applies to all employees, contractors, and third-party providers using Global Linguistic Services GLS Limited’s IT systems, including hardware, software, networks, and data storage.

3. IT Security Principles

3.1 Access Control

• Access to IT systems and data is granted on a need-to-know basis, with appropriate authorization.
• Strong, unique passwords must be used and updated regularly.
• Multi-factor authentication (MFA) is required for accessing sensitive systems.

3.2 Data Protection

• All sensitive and personal data must be encrypted during storage and transmission.
• Regular data backups are conducted and stored securely to prevent loss.
• Employees must follow data handling guidelines to prevent accidental disclosure.

3.3 Network Security

• Firewalls, antivirus software, and intrusion detection systems are implemented to secure the network.
• Wi-Fi networks are encrypted, and access is restricted to authorized users.
• External devices and systems must comply with IT security standards before connecting to the network.

3.4 Device Security

• Company devices must be password-protected, and their software must be regularly updated.
• Lost or stolen devices must be reported immediately for remote data wiping if necessary.
• Personal devices used for work purposes must comply with company security policies.

3.5 Software and Updates

• Only authorized software is permitted on company systems.
• Regular updates and patches must be applied to all systems to address vulnerabilities.
• Unauthorized downloads or installations are strictly prohibited.

3.6 Cyber Threat Mitigation

• Employees must recognize and report phishing attempts, malware, and other cyber threats.
• Regular training is provided to ensure awareness of evolving cyber risks.
• Incident response plans are in place to address and recover from security breaches.

4. Roles and Responsibilities

4.1 IT Security Manager

• Oversees IT security measures, audits, and incident response.
• Ensures compliance with this policy and related regulations.

4.2 Employees and Contractors

• Adhere to IT security practices outlined in this policy.
• Report suspected security incidents or breaches promptly.

5. Incident Management
All IT security incidents must be reported immediately to the IT Security Manager. Incidents will be investigated promptly to mitigate risks and prevent recurrence. If a breach involves personal data, relevant authorities and affected individuals will be notified in accordance with legal requirements.

6. Monitoring and Auditing
Regular audits of IT systems and processes are conducted to identify vulnerabilities. Monitoring tools are used to detect and respond to suspicious activities.

7. Compliance
Failure to comply with this policy may result in disciplinary action, termination of contracts, or legal consequences. All employees and contractors are required to sign an acknowledgment of understanding and agreement.

8. Review and Updates
This policy is reviewed annually and updated as necessary to address new security challenges, technologies, and regulatory requirements.

Contact Information
For questions or concerns about IT security, please contact:
Email: info@globallinguisticservices.co.uk
Phone: +447498896053

Effective Date: 1 November 2024.

By adhering to this IT Security Policy, Global Linguistic Services GLS Limited ensures the protection of our IT systems, client data, and organizational integrity in an increasingly digital world.