OPERATION

We have established, implemented, and maintain the processes needed to meet customer and legislative requirements and those of our interested parties. The documented information library identifies the processes and their current status.

Breach reporting, subject access requests and data protection impact assessments are mandated through GDPR, and processes have been established to ensure that they are managed appropriately and effectively.

Process owners have been defined and are responsible and accountable for ensuring that ISMS & PIMS processes are effective and achieving their intended outcomes.

We shall continually review the consequences of any planned or unplanned changes to our processes to ensure any adverse effects are controlled.

We will also ensure that outsourced processes are controlled or influenced and that suppliers and sub-contractors work within our ISMS & PIMS.

We shall maintain documented information to the extent necessary to have confidence that the processes have been carried out as planned.

Operational and Risk Management Processes

We have established, implemented and maintain a process for the handling of major incidents or potential major incidents. We considered the following when creating this process:

  • planned actions are established to prevent or mitigate any lasting impact

  • response to the emergency incident itself

  • periodically testing the planned actions

  • review and revise the process as a result of an emergency situation or the outputs from the tests

  • provide the necessary information, training and documentation to staff and other interested parties relating to business continuity

 

Other operational duties as defined in GDPR include:

  • liaising with the Supervisory Authority (ICO) - Data Protection Officer

  • complaint handling

  • data breaches

  • subject access requests

  • contracts - customers and suppliers

  • privacy notices and communication

  • data protection impact assessments