security policy

Security of personal data

We are registered to ISO 9001:2008 for network, IT integrated solutions and database projects, and to ISO27001:2005. This latter standard is the current benchmark for the security of data, addressing data integrity, availability and confidentiality

Our default method of transferring personal data is password-protected ZIP format or Secure FTP.

When using mail or courier services for transfer of personal data a traceable or equivalent registered mail service is used.

Personal data is only stored on ORC International secure servers and will not be transferred or copied to remote devices (including laptp hard drives or USB drives) unless specifically required by the client.

When disposing of PCs, laptops or servers, ORC International removes and destroys hard drives using an approved partner to guarantee elimination of sensitive files from these devices.

Personal data may be stored on magnetic tapes for back up purposes both during and after project use. These tapes are stored in a secured on-site location with access restricted to designated ORC International IT staff.

A full Information Security Management System Policy document is available for client review, on request.

Confidentiality

We are registered under and comply with, the Data Protection Act (DPA) 1998. Our external auditors examine our compliance during our bi-annual surveillance visits.

Freedom of Information Act

All of our tender responses, quotes, proposals and related documents contain trade secrets and, as such, are classified by the act as “exempt information” in the event that any third party were to request a public authority to disclose them.

---