Information Security Policy

Our commitment

As a managed service provider, information security is central to everything we do. Axia Computer Systems Ltd is committed to protecting the confidentiality, integrity and availability of all the information we hold and process — both our own and that entrusted to us by our clients. This policy sets out the principles we follow to keep information and systems secure.

Our principles

• Protect information against unauthorised access, disclosure, modification or loss.
• Apply appropriate technical and organisational controls, following recognised good practice such as Cyber Essentials.
• Ensure information is available to authorised users when they need it.
• Meet our legal, regulatory and contractual security obligations.
• Report, investigate and learn from security incidents.

Technical and organisational controls

• Multi-factor authentication, least-privilege access and strong password practices.
• Patching, endpoint protection, firewalls and proactive monitoring of systems.
• Encryption of sensitive data in transit and at rest where appropriate.
• Regular, tested backups and documented recovery procedures.
• Secure configuration and change management across our infrastructure.

People and awareness

Our staff receive regular security-awareness training and understand their responsibilities for protecting information. Access to systems is granted on a need-to-know basis and reviewed regularly, and is removed promptly when no longer required.

Incident management

We maintain procedures to identify, contain, investigate and recover from security incidents, and to notify affected clients and relevant authorities where required. We treat every incident as an opportunity to strengthen our controls.

Review

This policy is reviewed regularly and updated to reflect changes in technology, threats and best practice. If you have any questions about our approach to information security, please get in touch.