Security Policy

Effective Date: 11/10/2025
Last Updated: 11/10/2025

1. Purpose and Scope

1.1 This Security Policy (“Policy”) establishes the principles and responsibilities governing information security within Safe Trade Solutions Ltd (“Safe Trade Solutions”, “we”, “us”, or “our”).
1.2 The Policy applies to all employees, contractors, suppliers, partners, and users who have access to Safe Trade Solutions Ltd information systems, data, and infrastructure.
1.3 The objective of this Policy is to preserve the confidentiality, integrity, and availability of all data processed by Safe Trade Solutions Ltd, including customer, operational, and system data.

2. Information Security Objectives

2.1 To protect information assets from unauthorised access, disclosure, modification, or destruction.
2.2 To ensure the continuity of Services and minimise business disruption through secure, resilient infrastructure.
2.3 To maintain compliance with all applicable laws, including the UK GDPR and Data Protection Act 2018.

3. Governance and Responsibilities

3.1 Senior management is responsible for establishing, maintaining, and reviewing this Policy and ensuring adequate resources for its enforcement.
3.2 The Data Protection Officer (DPO) oversees data protection and privacy compliance, including risk assessment and incident coordination.
3.3 All employees and contractors must comply with this Policy, complete regular training, and report any suspected security incidents immediately.

4. Access Control

4.1 Access to systems and data shall be granted strictly on the principle of least privilege.
4.2 Users must use strong passwords or equivalent secure authentication methods and must not share credentials.
4.3 Multi-factor authentication (MFA) shall be used for all privileged accounts and system administration access.
4.4 Access rights shall be reviewed periodically and revoked promptly upon role change or termination.

5. Data Handling and Storage

5.1 All personal and sensitive data shall be processed and stored securely in accordance with the UK GDPR and the Data Protection Act 2018.
5.2 Data in transit shall be encrypted using TLS or an equivalent secure protocol.
5.3 Data at rest shall be protected using industry-standard encryption and access controls.
5.4 Backups shall be performed regularly, stored securely, and tested periodically to ensure recovery integrity.
5.5 Data retention shall comply with the Safe Trade Solutions Ltd Data Retention Policy, and data shall be securely deleted or anonymised once no longer required.

6. System and Network Security

6.1 All systems shall be configured securely, maintained with up-to-date patches, and monitored for vulnerabilities or unusual activity.
6.2 Firewalls, anti-malware, and intrusion detection measures shall be implemented and maintained.
6.3 Remote access to systems shall only be permitted through secure VPN connections or equivalent encrypted channels.

7. Incident Management

7.1 All suspected or actual security incidents must be reported immediately to the DPO or designated incident response lead at Safe Trade Solutions Ltd, Portland House, 113-116 Bute Street, Cardiff CF10 5EQ.
7.2 Incidents will be investigated promptly and documented, including the cause, impact, and remedial actions taken.
7.3 Where required, the Information Commissioner’s Office (ICO) and affected individuals shall be notified within applicable statutory timeframes (normally within 72 hours for personal data breaches under Article 33 UK GDPR).

8. Physical Security

8.1 Physical access to offices, data centres, or storage areas must be controlled and restricted to authorised personnel only.
8.2 All devices used for Safe Trade Solutions Ltd operations (including laptops and mobile devices) must be password-protected and, where possible, encrypted.
8.3 Visitors must be escorted and supervised in secure areas.

9. Third-Party Access and Cloud Security

9.1 Third-party vendors and contractors with access to Safe Trade Solutions Ltd data must have appropriate contractual and technical security measures in place.
9.2 Cloud service providers shall be selected based on compliance with UK GDPR, data locality requirements, and evidence of robust security practices.
9.3 Data transfers outside the United Kingdom shall be governed by adequacy regulations or approved standard contractual clauses.

10. Security Awareness and Training

10.1 All employees and contractors must complete mandatory information security and data protection training upon onboarding and annually thereafter.
10.2 Awareness campaigns shall be conducted periodically to reinforce good security practices and remind staff of emerging threats such as phishing or social engineering.

11. Compliance and Review

11.1 Safe Trade Solutions Ltd shall regularly review this Policy to ensure its continued effectiveness and compliance with legislative and regulatory requirements.
11.2 Audits and penetration tests may be conducted periodically by qualified internal or external parties.
11.3 Failure by any employee or contractor to comply with this Policy may result in disciplinary or contractual action.

12. Liability and Disclaimer

12.1 While Safe Trade Solutions Ltd employs reasonable security measures, it cannot guarantee absolute protection against all threats.
12.2 To the fullest extent permitted by law, Safe Trade Solutions Ltd shall not be liable for any loss or damage arising from unauthorised access, data breaches, or third-party misuse, except where liability cannot lawfully be excluded.

13. Policy Maintenance

13.1 This Policy shall be reviewed at least annually or following significant changes to our operations, technology, or applicable laws.
13.2 The most current version of this Policy will be published on our internal documentation portal and made available to clients upon request.

Safe Trade Solutions Ltd
Portland House,
113-116 Bute Street,
Cardiff CF10 5EQ