At the PA Group we take information security very seriously, which is why our IT team have a robust set of policies in place to protect both the business and any personal data we hold.
PA Group is also committed to data privacy, security and governance when it comes to working with our clients and partners. Therefore, we are fully compliant with the European Union’s new General Data Protection Regulation (GDPR), which came into effect in May 2018. PA embarked on an organisation-wide project to prepare for GDPR, both for our internal processes and for our commercial offerings.
PA Group enhanced its set of security policies, embedding data protection principles into all everyday business processes and ensuring organisational activities limit the amount and use of personal data to what is specifically required by default.
What measures does PA Group have in place?
Our IT team expanded on our previous information security policies and introduced fresh processes to govern how all data is handled. This covers all areas of activity within the business and how we handle data that’s coming in from, or going out to, third-party partners and clients.
Who oversees GDPR compliance at PA Group?
Since the start of 2018, PA Group has had a team in place to oversee the implementation of its GDPR processes and to continually ensure the company remains compliant. This team is headed up by our Head of IT Operations.
Who oversees security at PA Group?
Security is an integral part of IT and Data operations. IT management oversee the audit and enforcement of IT security, reporting directly into the executive board. Department managers are responsible for ensuring good security and data handling practice within their area. Our Human Resources and Legal team’s involvement ensures group-wide commitment, and that our security policies protect and uphold the rights of individuals.
At PA Group, what organisational controls are in place to reduce security risks?
Our policies and IT controls ensure that appropriate measures are taken in all areas of management and operational processes, including: physical security, network security, endpoint security, risk management, auditing, patch management, change management, incident response, and mobile and remote working.
Does PA Group have a security breach notification process in place?
Our breach procedures have been updated to comply with the requirements for communicating data breaches to the Commissioner and Data Subjects. These procedures are reviewed on a quarterly basis and in response to updates from the Information Commissioner’s Office.