Security Policy:

Rayleigh Sound & Vision LTD
Effective Date: 28.5.2025
Version: 1.0

  1. Purpose

    The purpose of this policy is to establish and maintain the security of information and IT systems at Rayleigh Sound & Vision LTD. This ensures the confidentiality, integrity, and availability of all data—whether held digitally or physically—and protects the interests of our customers, employees, and business.

  2. Scope

This policy applies to:

  • All employees, contractors, and third-party service providers
  • All systems, networks, applications, and data owned or operated by Rayleigh Sound & Vision LTD
  • All physical and digital locations where data is stored, transmitted, or accessed

  3. Roles and Responsibilities:

  • Managing Director: Overall accountability for information security
  • IT Administrator / Service Provider: Responsible for implementing security controls and responding to incidents
  • All Staff: Must comply with this policy and attend security awareness training

  4. Key Principles:

We are committed to:

  • Protecting all personal and sensitive data from unauthorised access
  • Ensuring systems are protected against cyber threats, malware, and data breaches
  • Complying with the UK GDPR, Data Protection Act 2018, and other applicable laws
  • Regularly reviewing and updating our security practices

  5. Data Security Measures:

5.1 Access Control

  • User access is restricted based on job roles (principle of least privilege)
  • Strong password policies are enforced
  • Multi-factor authentication (MFA) is implemented for sensitive systems

5.2 Network Security

  • Firewalls and antivirus software are used on all devices
  • Secure VPN is used for remote access
  • Wi-Fi networks are encrypted and protected with strong credentials

5.3 Device Security

  • Company devices are encrypted and protected with secure login credentials
  • Personal devices used for work must meet minimum security standards
  • Lost or stolen devices must be reported immediately

5.4 Physical Security

  • Offices and server rooms are locked and access-controlled
  • Paper documents containing sensitive data are stored securely and shredded when no longer needed

  6. Data Backup and Recovery

  • Daily backups are performed for key systems and data
  • Backups are encrypted and stored offsite or in secure cloud environments
  • Disaster recovery and business continuity plans are maintained and tested annually

  7. Training and Awareness

  • All staff must complete annual security awareness training
  • Additional training is provided for handling sensitive or customer data

  8. Third-Party Services and Suppliers

  • Third parties must agree to data protection and security standards
  • Due diligence is performed before engaging with any IT service providers or data processors

  9. Incident Management

  • Security incidents (e.g., data breaches, phishing attacks) must be reported immediately to the designated IT contact
  • All incidents are logged, investigated, and where necessary, reported to the ICO (Information Commissioner’s Office) within 72 hours
  • Post-incident reviews are conducted to improve resilience

  10. Policy Review and Maintenance

  • This policy will be reviewed annually or following a significant change in business or legal requirements
  • Updates will be communicated to all staff

  11. Compliance

Failure to comply with this policy may result in disciplinary action and, where appropriate, legal action.

  12. Contact

For questions or to report a security incident, contact:

Security Lead / IT Administrator
Rayleigh Sound & Vision LTD
Email: rob.goddard@rayleighhifi.com
Phone: 01245265245