At the Press Association we take information security very seriously, which is why our IT team have a robust set of policies in place to protect both the business and any personal data we hold.
PA is also committed to data privacy, security and governance when it comes to working with our clients and partners. Therefore, we are working towards allignment to comply with the European Union’s new General Data Protection Regulation (GDPR) which will go into effect in May 2018. PA has established an organisation wide project to prepare for GDPR, both for our internal processes and for our commercial offerings.
PA is enhancing its set of security policies, embedding data protection principles into all everyday business processes and ensuring organisational activities limit the amount and use of personal data to what is specifically required by default.
What measures do PA have in place for 25th May 2018?
Our IT team are expanding on our existing information security policies as well as introducing fresh processes to govern how all data is handled. This covers all areas of activity within the business and how we handle data that’s coming in from or out to 3rd party partners and clients.
Who oversees security at PA?
Security is an integral part of IT and Data operations. IT management oversee the audit and enforcement of IT security, reporting directly into the executive board. Department managers are responsible for ensuring good security and data handling practice within their area. Our Human Resources and Legal team involvement ensure group wide commitment, and that our security policies protect and uphold the rights of individuals.
At PA, what organisational controls are in place to reduce security risks?
Our policies and IT controls that appropriate measures are taken in all areas of management and operational processes, including: physical security, network security, endpoint security, risk management, auditing, patch management, change management, incident response, mobile and remote working.
Do PA have a security breach notification process in place?
Our breach procedures have been updated to comply with the requirements of communication of data breaches to the Commissioner and Data Subjects. These procedures will continually be reviewed for alignment with the new UK Data Protection Bill as it passes into law, and updates from the Information Commissioners Office.