To run a scheme efficiently we need to hold a lot of personal and financial information, and the security of that data is paramount.
Restricting physical access
A key element of Barnett Waddingham’s Business Management System is the control of documents and records. This includes the physical aspects of security, from each member of staff having pass cards to gain access to our buildings and departments and secure destruction of obsolete data.
"We are pleased to confirm that Barnett Waddingham are certified to ISO 9001:2008 and ISO 27001:2013."
Restricting electronic access
Security of our electronic data is equally important and is constantly reviewed by our IT Department, who continually monitor the performance of our firewalls, anti-malware toolkits, network traffic and automatically regulate passwords in terms of complexity. To avoid the risk of sensitive financial or personal data being compromised we aim to password protect all sensitive documents, with the password being communicated via a different channel.
We also operate a Secure File Exchange – or SFX. Under this system we establish a secure account for a member or professional contacts whereby they are notified by e-mail that a document is available to view or download directly via on-line website access to Barnett Waddingham’s systems, thus preserving the confidentiality, integrity and availability of the information. This system is also available to securely view bank account transactions with the Bank of Scotland. We will hopefully be adding further banks to this facility in due course.
These security measures are constantly monitored to improve effectiveness, with regular audits being undertaken both within the firm and by external parties. We are pleased to confirm that Barnett Waddingham are certified to ISO 9001:2008 and ISO 27001:2013.
All staff are given appropriate training and the resources necessary to comply with these standards and of course all legal and regulatory frameworks. Our in-house Information Security Manager also liaises with third party suppliers to see if they meet our compliance requirements.