In 2018, we began to address data security head on. We are currently developing a data security policy and enhancing our IT system security architecture.
Work in this area has been a collaborative effort between Group Legal and the IT department to put in place the necessary data management policies and to ensure we are aligned on how to handle data in all circumstances. Our next steps will involve educating employees on these points and putting these policies in practice - as required for GDPR compliance.
We are a partner with Microsoft and have signed agreements to use their technologies offered under Microsoft Enterpriser Mobility and Security Suite. This partnership will enable us to enhance our security infrastructure, implement controls to protect customer data from internal/external security threats, and flag any risks through proactive security monitoring.
We are working in several other areas to improve our security architecture, including the enhancement of network security, advance threat protection for e-mail systems and endpoint devices.
We have developed a Security Architecture and Risk Framework which is integrated with our project management framework. This will enable us to follow secure by design principles by including security activities throughout the development lifecycle.
We are also working to enhance user awareness of information security and data privacy. We have included security training as part of new joiners’ induction and are developing a plan for awareness-raising among users.