1. Purpose and Scope

The objective of this Information Security Policy is to define the high-level principles and framework for maintaining information security at Peak Signal Limited (“Peak Signal”).

This policy applies to all Peak Signal personnel, including employees, partners, associates, and third-party contractors. It operates alongside our internal Acceptable Use Policy and operational security procedures to ensure the continuous protection of our business, our reputation, and our clients’ data.

2. Core Security Objectives

Peak Signal is committed to safeguarding the Confidentiality, Integrity, and Availability of all data and information assets we manage or host. Our objective is to prevent and minimise the impact of security incidents, ensuring uninterrupted service for our dashboard reporting tools.

3. Roles and Responsibilities

The Management Team of Peak Signal holds ultimate responsibility for this policy, including allocating resources for security initiatives and ensuring that all personnel adhere to its standards. Any exceptions to this policy must be formally documented and approved by Management.

4. Our Security Principles & Pillars

To meet our security objectives and manage risk effectively, Peak Signal implements the following core controls:

  • Risk Management: We routinely analyse and assess information security risks to ensure our technical and organisational controls remain robust and proportional to the threats we face.

  • Access Control: Access to client data and internal systems is tightly controlled, restricted based on business necessity, and managed under the principle of “least privilege.”

  • Data Protection & Encryption: We employ industry-standard encryption protocols to protect data both in transit (while moving across the internet) and at rest (within our hosting environments).

  • Continuous Awareness: All personnel receive regular communication and training regarding their information security responsibilities and modern cybersecurity threats.

  • Incident Response: We maintain an internal incident management framework to rapidly detect, report, and mitigate potential data breaches or system vulnerabilities.

  • Continuous Improvement: We routinely review our security performance, policies, and supporting systems to adapt to changing regulatory environments and evolving cyber threats.

  • Business Continuity & Resilience: We maintain comprehensive Business Continuity Plans (BCP) that are updated annually to ensure system availability. This framework includes robust incident management elements to rapidly mitigate operational disruptions and safeguard client services.

5. Compliance and Enforcement

Compliance with this policy is mandatory. Failure to comply by any member of personnel may result in disciplinary action up to and including termination of employment or contract.

6. Industry Standards & Frameworks

Peak Signal designs its security practices to align with the technical controls of the UK Cyber Essentials framework, ensuring a culture of security by design.

7. Contact

For questions or further details regarding Peak Signal’s security architecture and data protections, please contact us at hello@peaksignal.io.