Geoff Smith Associates has a formalised and comprehensive Process for all areas of physical and information security and confidentiality. The Policies and Procedures are actively enforced and are communicated to staff via Training Programs (including Induction and On the Job Training) and within specific Customer-Project Meetings. The Policies and Procedures which ensure data remains under secure control extend to personnel security, physical building/premises security, IT Infrastructure security and Business-Continuity. All access to systems, and to Customer Data and Documents, is permission-enabled only.
Transportation
All collections and deliveries are pre-arranged with pre-defined journeys on the basis of a ‘non-stop’ policy.
- Transportation is within GSA’s own vehicles, manned by two GSA (SC vetted) staff.
- Vehicles are protected with “Slam Locks”, tracked by two trackers and fitted with integral Safes.
- At all times physical files are retained within secure closed boxes. All data is encrypted to an agreed standard.
- GSA vehicles are utilised for one client at a time on a one customer, one journey basis.
- The movements of files are recorded as part of the Full Audit Trail. This means that at all times the continuity of handling of material is audited and accounted for.
**The ‘Transportation’, ‘Non Stop’ and ‘One Customer, One Journey’ Policy is subject to clarification for different classifications of data and documents defined for IL1, IL2, IL3 and IL4.
Internal security
Security and Quality are not labels we stamp on the Bureau service at the end of the process but are a significant part of the whole business process from start to finish. GSA has been operating a Quality Management System to BS EN ISO 9001 since 2003 and in 2010 attained Information Security Management System ISO 27001 accreditation. Additionally, GSA systems and processes comply with the Code of Practice for Evidential Weight and Legal Admissibility of Linking Electronic Identity to Documents (BIP 0008-3:2008). The BIP 0009 Compliance Work Book is available to view. Additionally, for Policing Customers, GSA has been assessed as a Police Approved Secure Facility for Impact Level 3 and 4 by the Home Office National Police Information Risk Management Team (last Inspection May 2013).
Building Security
Where Information Security is imperative, secure services start with physical Building Security and the application of sensible security products to minimise risks:
- Monitored and Recorded PIR Alarm Systems
- Actively monitored and recorded CCTV
- Defined key holders & FOB Locked Internal Doors
- Obscured Door & Window with Security Grilles
- Isolated work areas with ‘One Job Open’ Rule
- Climate Controlled Storage with double Caging and Cabinets
Infrastructure Security
In the background at IT and User Level we address infrastructure issues by utilising systems and products with known provenance and quality assurance:
- Fully encrypted and isolated Network
- Retention of a complete electronic and manually recorded Audit Trail for all events, kept to a uniquely extensive level
- Disabled E-mail, Internet Connections & USB Devices on all Bureau Computers
- Work access by Individual User Permissions
- Secure communication via Criminal Justice E-Mail addresses: gsx.gov.uk, gsi.gov.uk, nhs.net, pnn.police.uk
- No Media Devices such as Mobile Phones/Cameras in Restricted Areas
- Controlled Firewall, Anti-Virus and Back-Up Processes within an actively addressed Disaster Recovery & Business Continuity framework.