Information Security Policy

1. Introduction

Lacoudhir Design LTD (the company) is committed to maintaining the confidentiality, integrity, and availability of information assets to protect the interests of our clients, employees, and partners. As a full-service marketing agency operating globally and registered in the UK, Lacoudhir Design LTD acknowledges its responsibility to safeguard sensitive data, including personal, corporate, and intellectual property information. This policy sets out our approach to information security and compliance with relevant legal, regulatory, and industry standards.

2. Scope

This policy applies to all employees, contractors, vendors, and third parties who handle, access, or process information related to Lacoudhir Design LTD’s operations. It covers all company-owned systems, networks, cloud services, software, and hardware, regardless of location.

3. Objectives

  • Protect client and company information from unauthorised access, disclosure, alteration, and destruction.
  • Comply with legal and regulatory requirements, including GDPR, the UK Data Protection Act 2018, and ISO 27001 best practices.
  • Establish a culture of security awareness and risk management.
  • Maintain business continuity and prevent disruptions from security incidents.

4. Roles and Responsibilities

4.1 Senior Management

  • Ensure implementation and enforcement of this policy.
  • Provide necessary resources and training for security initiatives.
  • Regularly review security policies and practices.

4.2 Employees & Contractors

  • Adhere to security policies, procedures, and best practices.
  • Report security incidents, vulnerabilities, or breaches immediately.
  • Ensure the security of passwords, devices, and access credentials.

4.3 IT & Security Team

  • Monitor and maintain secure IT infrastructure.
  • Conduct security risk assessments and audits.
  • Implement and enforce access controls, encryption, and network security measures.

5. Data Classification & Handling

All information must be classified based on sensitivity and handled accordingly:

  • Public: Can be freely shared (e.g., marketing content, press releases).
  • Internal Use Only: Restricted to employees and authorised third parties.
  • Confidential: Includes client data, financial records, contracts, and proprietary information. Must be encrypted and stored securely.
  • Restricted: Highly sensitive data requiring strict access control, including login credentials and personal data.

6. Access Control

  • Access to systems, data, and applications is granted based on business needs and follows the principle of least privilege (PoLP).
  • Multi-Factor Authentication (MFA) is required for accessing critical systems.
  • Periodic reviews of user access rights are conducted to ensure compliance.

7. Physical & Network Security

  • All company devices must have security software and up-to-date patches.
  • Secure VPNs are required for remote work.
  • Office environments must have restricted access to authorised personnel only.
  • Data centres and cloud services must comply with recognised security standards (e.g., ISO 27001, SOC 2).

8. Data Protection & Privacy Compliance

  • Lacoudhir Design LTD adheres to GDPR and the UK Data Protection Act 2018.
  • Personal data collection, processing, and storage must align with privacy laws.
  • Data subject requests (e.g., access, rectification, deletion) must be handled promptly.
  • Data transfers outside the UK/EU must follow GDPR requirements, including Standard Contractual Clauses (SCCs) if applicable.

9. Incident Management & Response

  • Any suspected or actual security incident must be reported to the CEO immediately.
  • Lacoudhir Design LTD has an Incident Response Plan (IRP) in place to mitigate, contain, and investigate breaches. Please review our Data Breach Policy.
  • Post-incident reviews are conducted to improve security measures and prevent recurrence.

10. Third-Party & Vendor Security

  • Vendors and third-party service providers must comply with Lacoudhir Design LTD’s security standards.
  • Security audits and due diligence are conducted before engaging with external providers.
  • Sensitive data shared with vendors must be protected via Data Processing Agreements (DPAs) and encryption.
