Supplier Policy

At Cyluki Security Ltd, we are dedicated to protecting our digital assets and those of our clients through robust cybersecurity measures. Our Supplier Security Policy outlines the security expectations for all suppliers to ensure the confidentiality, integrity, and availability of information within our supply chain.

Supplier Requirements:

  1. Security Standards: Suppliers must implement security controls that align with industry best such as, ISO 27001, Cyber Essentials, and compliance with the UK Data Protection Act and GDPR. Suppliers must protect all personal and sensitive data in accordance with these regulations.

  2. Training and Awareness: Suppliers must ensure that all personnel with access to Cyluki Security Ltd data or systems are trained regularly in cybersecurity best practices, data protection laws, and procedures for handling sensitive information.

  3. Data Protection (UK): Suppliers are responsible for ensuring the protection of all personal data in compliance with the UK Data Protection Act 2018 and GDPR. They must implement appropriate technical and organizational measures to prevent unauthorized access, processing, or loss of data.

  4. Access Controls: Suppliers must restrict access to sensitive data and systems to authorized personnel only, following the principle of least privilege. Access rights should be reviewed periodically and adjusted as necessary.

  5. Incident Reporting and Disclosure: Suppliers must have an incident response plan to respond to actual or suspected security incidents or data breaches that could affect Cyluki Security Ltd or its clients. This includes unauthorized access, data loss, or any compromise to security controls. Full disclosure of the incident and mitigation measures taken must be provided promptly.

  6. Non-Compliance: Failure to comply with this policy or any other security requirements may result in termination of the supplier relationship. Non-compliance with relevant data protection laws or security standards could lead to legal action and financial penalties.

  7. Audits and Assessments: Suppliers may be subject to r security assessments and audits by Cyluki Security Ltd or third-party auditors. Any vulnerabilities identified during these assessments must be addressed promptly.

  8. Termination of Access: Upon the conclusion of a contract or partnership, Cyluki Security Ltd will revoke access to our systems and data. Suppliers must securely delete or return all Cyluki Security Ltd data or that of their clients with the exception of data that is retained for legal or regulatory purposes.

Review

This Security Supplier Policy is regularly reviewed and updated in line with the changing threat landscape and changes to business operations. For queries or concerns relating to this policy

Further Information

Please contact contact@cylukisecurity.co.uk.