Call Me Back

How We Work

Information Security

We have established policies and processes for information governance, information security and confidentiality and data protection assurance. These ensure we meet all relevant regulatory and legislative requirements for information governance and security including: Data Protection Act 1998; Freedom of Information Act 2000; Computer Misuse, Electronic Communications and Environmental Information regulations. We are registered with the Information Commissioners Office (registration number Z1055667).

We operate robust processes for the checking and vetting of all employees and potential employees. Offers of employment are subject to satisfactory checks within the requirements of BS 7858:2006 (security screening of individuals employed in a security environment). The following checks are carried out:

  • current address verification
  • 5 year written record of employment verification
  • Criminal Record Bureau check
  • personal/professional references (minimum 2)

  • credit check, county court judgement, insolvency/bankruptcy search
  • evidence of the right to live and work in the UK
  • medical declaration/health clearance

All staff including those to be deployed in delivery of relocation services:

  • undertake mandatory Information Security (IS) training as part of their induction to the business and bespoke IS training as required
  • undertake mandatory updating and refresher IS training (competency based)
  • receive copies of the IS policy, manual and operating procedures and sign to acknowledge full receipt of and understanding of their responsibilities
  • have regular briefings (bulletins, staff meetings) to update on IS requirements
  • have their compliance with IS Policies and procedures assessed, as part of our performance management and appraisal processes


Our quality, health, safety and environmental management system includes As a company heavily invested and proactive in embracing and utilising technology, disaster recovery is a significant business risk we prioritise for our own company resilience and that of our clients. We are certified to BS EN ISO 22301 Business Continuity Management Standard. Our arrangements for business continuity are managed and delivered according to the three business continuity ISOs, which have effectively replaced the British Standards BS 25999-1:2006 and BS 25999-2:2007 (Part 1 withdrawn in 2012, Part 2 in 2013). The ISOs we work to for business continuity are:

  • ISO – ISO 22301:2012 societal security business continuity management systems requirements
  • ISO 22313:2012 societal security business continuity management systems guidance
  • ISO/IEC 27031:2011 information security guidelines for information and communication technology [ICT] readiness for business continuity

A key characteristic of our business continuity planning is communication. Controls in place include:

  • Ensuring the management team are highly aware of all services to create scope for deputising, skill mobility and stepping up in the event of the absence
  • Identifying and raising awareness amongst all staff of the issues and circumstances which may potentially cause disruption to service
  • A culture that requires staff to report to the risk and compliance officer on near misses, so that each event can be assessed and measures put in place


Our team are happy to answer any enquiries