Indigo Forward conduct an annual audit check compliance with statutory obligations for governance including security systems checks and information retention policy.
We have a documented procedure for reporting, investigating and managing any security incidents. A copy of the internal forms and procedure document can be made available on request.
All our staff undergo a thorough induction process which includes learning, accreditation and personal mentoring. Everyone signs a binding undertaking as part of their contract of employment concerning conduct, confidentiality and behaviour. Disciplinary measures for non-conformance would include dismissal for gross misconduct. We provide undertakings re confidentiality in our service Agreements and Terms and Conditions of service. A copy of the internal induction and disciplinary procedures can be made available on request.
Data storage is managed in conformance with our data security procedures policy. The data security policy applies to all employees. A copy of the internal procedure and disposal standards can be made available on request. For paper based information we use a reputable disposal company to conduct shredding of confidential paper waste, which is secured in locked bins prior to shredding.
Our employees have individual access rights, permissions and passwords, which requires regular password changes. Obviously customers are granted access to their own information and services on the Dashboard via their PIN codes or own User credentials, which they may choose to (or inadvertently) share, for which Indigo Forward has no control.
We have daily back up procedures and routines for managing all significant and customer operational data. Copies of our Data Security and back up procedures can be made available on request.
Access to control of confidential data is covered by our data security and access procedures and standards which ensures that confidential information is only available to authorised users. A copy of the internal procedures and standards can be made available on request.
We use FTP and encryption when information deemed confidential needs to be transferred over a public network.
Historic files of user access are kept in secure audit trail files, accessible only to approved designated system administrators. The data retention policy requires longer periods of retention for certain information, as required by law. The actual period of retention varies by type and classification of data. e.g financial audit, and invoicing and taxation information must be kept for seven years.