Skip to the content

                                                                                         

 CYBER ESSENTIALS ACCREDITATION ACHIEVED!

 

O&M Pension Solutions are delighted to have attained the Cyber Security Plus Accreditation. Please visit the Cyber Essentials website for further information. We are now working towards ISO27001:2013.

STAFF TRAINING

We provided GDPR training and Cyber Security training to all members of staff, who have each received certificates confirming their knowledge and understanding of the changes to legislation.  All of our employees sign User Agreements that bind them to our policies. We are also shortly going to be introducing additional screening checks for new employees. Our existing staff will also be subject to these checks for additional reassurance.

STRICT INTERNAL SECURITY PROTOCOL

We enforce a strict password policy (access to TVAS secured by a separate password to login), lock screen timeouts, locked filing cabinets with keys secured in separate key safes depending on the area of business. There are office entry controls and separate secure access to the Server room. We have a secure firewall, that has been externally tested for penetration as part of our Cyber Security Plus accreditation, and non-removeable anti-virus and malware detection software installed on each PC, Tablet and Laptop. PCs, etc are locked down so that USB and CD/DVD storage is not accessible by staff.

SECURE SERVERS AND DATA BACKUP

We use Microsoft Azure services and a local server for providing our services. Backups of data occurs daily to local media and to google servers and these are encrypted. All Microsoft Azure and Google servers used for data storage are in European data centres.

PAPER RECORDS DESTROYED SECURELY

All of our paper files containing member information received as part of our data collection process is destroyed within 3 months of the report being completed/cancelled and is securely destroyed onsite by DataShredders Ltd. DataShredders also provide us with secure disposal of all electronic devices and hold the following accreditation – Information Destruction BS EN 15713 : 2009.

Please visit their website for additional information.

GDPR AND OUR SOFTWARE/SERVICES

As we have separate elements to the business (Transvas Profiler software, Transfer Bureau and Bulk Projects services), GDPR is affecting these areas in different ways. We have therefore created sub sections within this page to provide more information - see the associated entry on the right hand side of this page.

BREACH REPORTING PROCEDURE

Should you identify a data breach you can download a copy of our Breach Report Procedure by clicking HERE.

INFORMATION REQUESTS

Should a member wish to receive any information we currently hold on them, please contact GDPR@ompensions.co.uk or 01206 805405 and we will arrange to issue the relevant forms to the member for completion.

ICO Ref: ZA061741