Data Security and Privacy

ISO27001 certified

Fair Supply’s Information Security Management System (ISMS) is certified against ISO27001:2013. Download our current ISO27001 Certificate of Registration.

GDPR compliant

Fair Supply complies with EU and UK GDPR requirements.
You can find more information about how we handle personal information in our Privacy Policy.

Information security governance

Fair Supply has established an information security governance framework to govern how we manage risk and develop minimum standards and measures to protect the Confidentiality, Integrity and Availability of information assets and systems.

Our ISMS supports the operationalisation of the governance framework through the development, implementation and continual improvement of technical, administrative, and operational standards and controls for managing information security risk.

Our governance framework and ISMS determine standards and measures for:

  • our organisational approach to risk management
  • information security risk management
  • vulnerability and threat monitoring and management
  • annual penetration testing
  • incident management and response plans and playbooks
  • business continuity and disaster recovery planning and testing
  • backup and restoration routines and testing
  • application security standards and secure development procedures
  • permissions and access controls according to the principle of least privilege
  • segregation of duties and defined roles and responsibilities
  • vendor and third party risk management
  • infrastructure security and ongoing hardening
  • cryptography and passphrase policies including encryption standards for data in transit and at rest
  • physical and facilities security
  • personnel security including background checks and ongoing information security awareness training
  • asset management and destruction
  • device management and endpoint protection including disk encryption, AV and malware protection and monitoring
  • legal and regulatory compliance and contact with relevant authorities
  • privacy and other ongoing compliance requirements.

We keep it high level here on purpose. Our team can answer any security or due diligence questions you need addressed for your vendor onboarding processes.
