Data Security Policy.
At ClockworX, safeguarding your data is our top priority. Our robust Data Security & Information Protection Policy, aligned with our ISO 27001 certification, ensures the highest standards of data protection.
We are committed to best-practice data security and information protection, and we engage independent experts to implement and monitor our systems organisation-wide.
Here is a summary of our Data Security & Information Protection Protocol for your peace of mind:
ISO 27001 Certification: We are proud to be ISO 27001 certified, showcasing our commitment to international best practices in information security management.
Data Handling: All employees handle data and information assets in compliance with applicable laws, regulations, and contractual requirements. Data is stored, transmitted, and disposed of securely, using approved encryption and disposal methods.
Data Encryption: Sensitive data in transit and at rest is encrypted using industry-standard encryption algorithms and protocols. Encryption keys are managed securely to prevent unauthorised access.
Data Transfer: All data transfers are encrypted using secure protocols. Any transfer of sensitive data via email or storage devices is restricted and closely monitored.
Data Classification: Data is classified based on its sensitivity. Classification levels include, but are not limited to, Public, Protected, Restricted and Confidential.
Access Control: Strict access controls are in place to ensure only authorised personnel have access to your data.
Physical Security: Physical access to data storage facilities, server rooms, and other sensitive areas is restricted and monitored.
Employee Training & Awareness: All employees receive regular training on data security best practices, policies, and procedures. Awareness campaigns are conducted to promote a culture of security within the organisation.
Regular Audits: Our systems undergo regular security audits to identify and rectify any vulnerabilities, ensuring continuous improvement in our security posture.
Third-Party Vetting: All third-party service providers are rigorously vetted to ensure they meet our high standards of data security.
Incident Response: We have a comprehensive incident response plan in place to quickly detect and respond to any potential data and security breaches.
Password Management: All password management is securely handled through 1Password with multi-factor authentication (MFA) enforced for accessing sensitive systems and applications.
Data Backup & Recovery: Regular backups of critical data are performed and stored securely in an off-site location. A data recovery plan is in place to restore data in the event of data loss or corruption.
Client Control: Our clients have control over their data, with options to access, correct, or delete their information upon request.
APPROVAL
This Data Security and Information Protection Policy has been approved by Angela Fisher. Effective as of 1st February 2024.