Embedded Files
1. Cyber Security & Data Policy: Senirol Ltd
1. Cyber Security & Data Policy: Senirol Ltd
Statement of Intent
Statement of Intent
Senirol Ltd is committed to protecting the "Confidentiality, Integrity, and Availability" of all digital assets. We aim to protect client privacy and prevent financial fraud by following the UK National Cyber Security Centre (NCSC) "Small Business Guide" principles.
Key Controls & Protocols
Key Controls & Protocols
A. Device & Access Security
Password Policy: All devices (laptop, iPad, phone) must be secured with a complex password, PIN, or biometric (FaceID/Fingerprint). We use unique passwords for every account.
Multi-Factor Authentication (MFA): 2-Step Verification is mandatory for all core business accounts (Email, Banking, and Travel Booking systems).
Software Updates: "Automatic Updates" are enabled on all devices to ensure the latest security patches are installed immediately.
B. Data Protection (UK GDPR)
Data Minimisation: We only collect the personal data necessary for the trip (e.g., Passport details for park permits). We do not keep this data longer than required.
Secure Storage: Client documents are stored in encrypted cloud storage (e.g., OneDrive/Google Workspace) rather than saved locally on a device’s desktop.
ICO Registration: As a company processing personal data, Senirol Ltd is registered with the Information Commissioner’s Office (ICO) and pays the annual Data Protection Fee.
C. Mobile & Travel Security (Africa Operations)
Public Wi-Fi: We avoid using public or hotel Wi-Fi for banking or accessing sensitive client data unless using a Virtual Private Network (VPN).
Remote Wipe: All mobile devices are configured so they can be remotely wiped if lost or stolen while on safari or in transit.
Physical Security: When stationary, devices are kept out of sight or in a locked safe. We utilise laptop privacy screens when working in public spaces to prevent "shoulder surfing."
2. Data Handling Checklist for Travel
2. Data Handling Checklist for Travel
Use this for every booking to stay compliant:
Stage
Action
Enquiry
Only collect name/contact info. Provide a link to your Privacy Notice.
Booking
Collect passport/medical info via a secure form or encrypted email.
During Trip
Keep a digital encrypted copy; do not carry loose paper copies if possible.
Post-Trip
Securely delete sensitive documents (like passport scans) once the traveller has returned.
Page updated
Google Sites
Report abuse