Information Security Policy
Velma Group Ltd recognises the importance of protecting the information entrusted to us by our clients, workers, employees and partners. As an organisation that processes sensitive employment, payroll and personal data, maintaining strong information security practices is essential to our operations.
This Information Security Policy outlines our commitment to safeguarding information assets and ensuring that data is protected against unauthorised access, loss, misuse or disclosure.
Our approach to information security is designed to protect the confidentiality, integrity and availability of information while supporting the effective delivery of our services.
Purpose
The purpose of this policy is to establish a framework for protecting information and information systems used by Velma Group Ltd. It sets out the principles and responsibilities for ensuring that information is handled securely and responsibly across the organisation.
This policy supports compliance with relevant legal, regulatory and contractual obligations, including data protection legislation and industry best practices.
Scope
This policy applies to all individuals who access or process company information, including:
- Employees
- Contractors
- Temporary staff
- Consultants
- Third-party service providers
It applies to all information assets owned or managed by Velma Group Ltd, including:
- Digital systems and databases
- Email and communication platforms
- Paper records and documentation
- Portable devices and storage media
- Cloud-based systems and platforms
Information Security Principles
Our information security framework is based on the following key principles:
Confidentiality
Sensitive information must be protected from unauthorised access or disclosure. Access to information is granted only to authorised individuals who require it for legitimate business purposes.
Integrity
Information must be accurate, complete and protected from unauthorised modification. Processes are in place to ensure that data remains reliable and trustworthy.
Availability
Information and systems must remain accessible to authorised users when required. Systems are maintained and monitored to ensure operational continuity.
Responsibilities
Information security is the responsibility of everyone within the organisation.
Management Responsibilities
Senior management is responsible for:
- Establishing and maintaining appropriate security policies
- Ensuring adequate resources are allocated to information security
- Promoting a culture of security awareness throughout the organisation
Employee Responsibilities
All employees and authorised users must:
- Handle information securely and responsibly
- Follow established security procedures
- Protect login credentials and access information
- Report security concerns or incidents immediately
Failure to comply with this policy may result in disciplinary action.
Access Control
Access to company systems and information is restricted to authorised users only.
Access controls are implemented through:
- Secure user authentication procedures
- Role-based access permissions
- Password protection and security standards
- Monitoring of system access
Users are only granted access to the information necessary to perform their duties.
Data Protection
Where personal data is processed, it is handled in accordance with applicable data protection legislation, including the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.
Personal data is processed only where necessary and with appropriate safeguards in place to protect individuals’ privacy.
Secure Use of Technology
To maintain the security of our systems, we implement appropriate technical controls including:
- Secure networks and firewalls
- Regular software updates and patch management
- Anti-virus and malware protection
- Encryption of sensitive data where appropriate
- Secure backup systems
Employees must use company systems responsibly and in accordance with internal policies.
Information Handling and Storage
Information must be stored and managed in a secure manner appropriate to its sensitivity.
This includes:
- Secure storage of physical documents
- Controlled access to digital systems
- Proper disposal or destruction of confidential information
- Secure handling of portable devices and storage media
Sensitive information must never be shared with unauthorised individuals.
Third-Party Security
Where third-party suppliers or service providers process information on behalf of Velma Group Ltd, appropriate safeguards are implemented to ensure that data remains protected.
This may include contractual agreements, security requirements and due diligence procedures.
Incident Management
In the event of a security incident or suspected data breach, immediate action will be taken to assess and contain the situation.
All employees must report any suspected security incidents promptly so that appropriate investigation and response measures can be implemented.
Where required by law, incidents will be reported to relevant regulatory authorities.
Business Continuity and Backup
To ensure the availability of information and services, Velma Group Ltd maintains appropriate backup and recovery procedures.
Regular backups are conducted to protect against data loss and to support business continuity in the event of system failure or disruption.
Training and Awareness
Employees are provided with guidance and training on information security responsibilities to ensure that they understand how to handle data safely and recognise potential security risks.
Maintaining a culture of security awareness is an essential part of our information security programme.
Policy Review
This Information Security Policy will be reviewed periodically to ensure it remains effective, up to date and aligned with evolving security risks, technologies and legal requirements.
Contact Information
Any questions regarding this policy or information security practices should be directed to:
Velma Group Ltd
Suite 1, 262 Cowley Road, Oxford, England, OX4 1UH
velmagroup@outlook.com
