Governance

Information security and data privacy

Data privacy: people and processes

We address our data privacy obligations through a programme involving people, process, and technology. The group’s Compliance Officer ensures we maintain compliance with applicable data privacy laws. We also have a dedicated team of information security professionals who ensure appropriate measures are in place to safeguard data in the group’s possession.

Information security oversight

Physical security

We control, monitor and restrict access to physical areas where we process end-user data. Additionally, all data centres we use adhere to ISO 27001 standards.

Network security

We deploy next-generation firewall technology, as well as an intrusion detection and prevention system to generate and respond to alerts that could indicate compromise of our network.

We apply security-by-design principles through the software development lifecycle, track vulnerabilities, and run internal and external network scans continuously. We also retain a qualified third party to conduct penetration testing on an annual basis.

Subcontractors

We conduct appropriate due diligence prior to engaging IT contractors (i.e., third-party agencies and external developers) to assess their security capabilities. As part of the process, confirmation of adherence to our key information security policies and standards is required. We also engage external agencies to conduct background checks on external personnel.

Risk management

We conduct annual information security risk assessments in compliance with the ISO 27001 framework. Our risk management programme consists of third-party assessments and monitoring, alignment with industry standards, and identifying, tracking and remediating data security risks.

Business continuity and disaster recovery

Westcon implements and maintains an IT business continuity management programme that addresses the needs of the business, including business impact analysis and disaster recovery planning. Plans are reviewed annually to ensure they continue to meet the needs of the business.

Ransomware

Our comprehensive ransomware attack strategy is designed to identify, contain, analyse, remedy, and recover. We use CyberVault for fully encrypted, near real-time backups of mission-critical data.

© 2023 Westcon-Comstor