Information Security Policy

1. Purpose

This policy establishes the principles and framework for protecting Pixel Fusion Ltd’s information assets against unauthorised access, disclosure, alteration, and destruction. It supports compliance with ISO/IEC 27001 and the UK Cyber Essentials scheme. 

2. Scope

This policy applies to all employees, contractors, suppliers, and third parties who access Pixel Fusion Ltd’s systems, data, or services. 

3. Information Security Objectives

Pixel Fusion is committed to maintaining the confidentiality, integrity, and availability (CIA) of all information assets. We aim to prevent unauthorised access, ensure accurate and reliable data, and maintain availability of services. 

4. Roles and Responsibilities

The Board of Directors has overall responsibility for information security. The Compliance Officer oversees implementation. All employees and contractors are responsible for following security procedures and reporting incidents.

5. Access Control

Access to systems and data is granted based on the principle of least privilege. User roles are defined, and access rights are reviewed periodically. Multi-factor authentication (MFA) is enforced where appropriate. 

6. Asset Management

All physical and digital information assets are inventoried and assigned an owner. Devices must be company-approved and security-checked before use on the corporate network.

7. Acceptable Use

Employees must use systems responsibly. Use of Pixel Fusion’s technology resources for illegal, unauthorised, or unethical activities is strictly prohibited. 

8. Information Classification

Information is classified as Public, Internal, Confidential, or Restricted. Each classification has handling and storage requirements. 

9. Physical and Environmental Security

Access to office spaces and IT infrastructure is restricted to authorised personnel. Equipment must be protected from environmental hazards and unauthorised access. 

10. Cryptographic Controls

Sensitive data must be encrypted in transit and at rest. Only approved cryptographic standards and tools may be used. 

11. System Acquisition, Development and Maintenance

All new systems and software must undergo a security review before implementation. Secure coding practices are enforced during development. 

12. Supplier and Third-Party Management

Suppliers with access to Pixel Fusion information or systems must meet defined security standards. Contracts must include security obligations. 

13. Backup and Recovery

Critical systems and data are backed up regularly. Backups are encrypted, tested, and stored securely off-site. 

14. Security Incident Management

All information security incidents must be reported immediately. Incidents are logged, investigated, and addressed according to our response procedures. 

15. Monitoring and Audit

System activity is monitored, and security logs are reviewed. Audits are conducted to assess compliance and the effectiveness of controls.

16. Policy Compliance

Non-compliance with this policy may result in disciplinary action. All employees are required to acknowledge and follow this policy. 

17. Review and Continual Improvement

This policy is reviewed at least annually or following significant changes. Opportunities for improvement are tracked and implemented.