Introduction

Fundur, a prominent UK-based Commercial Finance Brokerage, recognises the critical importance of safeguarding sensitive data and maintaining the highest standards of data security. This Data Security Policy outlines the principles and practices implemented by Fundur to ensure the protection, confidentiality, integrity, and availability of all data under its purview.

Scope

This policy applies to all employees, contractors, partners, and third parties who have access to Fundur’s data and information systems. It encompasses all forms of data, including personal, financial, and operational information.

Data Classification

Fundur classifies data based on its sensitivity and criticality. The following classifications are used:

  • Confidential Data: Highly sensitive information that, if disclosed or compromised, could result in significant financial or reputational harm to Fundur or its stakeholders.
  • Internal Data: Non-public information intended for internal use, not publicly disclosed.
  • Public Data: Information intended for public dissemination.

Data Security Measures

Access Control

Access to data is restricted on a need-to-know basis. User access rights are assigned according to job roles and responsibilities. Strong authentication mechanisms, including unique user IDs and strong passwords, are enforced.

Encryption

Confidential and sensitive data in transit is encrypted using industry-standard encryption protocols. Data at rest is also encrypted, particularly when stored on portable devices or remote servers.

Network Security

Fundur employs robust network security measures, including firewalls, intrusion detection and prevention systems, and regular security assessments, to protect against unauthorized access and cyber threats.

Endpoint Security

All endpoints are equipped with up-to-date antivirus and antimalware software. Regular security updates and patches are applied to mitigate vulnerabilities.

Data Backup and Recovery

Fundur maintains regular data backups and implements a comprehensive disaster recovery plan to ensure data availability and integrity in case of unforeseen events.

Physical Security

Physical access to data storage facilities is restricted through controlled access points, surveillance systems, and security personnel.

Data Handling and Disposal

Data Retention

Data is retained in compliance with legal and regulatory requirements. Outdated or no-longer-needed data is promptly deleted to minimize data risks.

Data Disposal

When data is no longer needed, it is disposed of securely using approved methods, including shredding or secure erasure, to prevent unauthorized access or retrieval.

Training and Awareness

Fundur provides regular data security training and awareness programs to all employees and relevant stakeholders to ensure a strong understanding of data security practices and protocols.

Incident Response

In the event of a data breach or security incident, Fundur has established an incident response plan to promptly identify, contain, mitigate, and recover from such incidents. This includes notifying affected parties as required by law.

Compliance and Review

This Data Security Policy is subject to regular review and updates to ensure its effectiveness and alignment with evolving industry standards and regulations.

By adhering to the principles outlined in this Data Security Policy, Fundur aims to maintain the highest level of data security, safeguarding the interests of the company, its clients, and partners.

 

Policy approved by Max Spinelli (09/08/2023)