As a technology led research agency, we take our commitment to information and data security seriously.
We understand the importance of data security and make every effort to ensure that the customer data held on our systems is fully protected. To achieve this, we have developed and implemented a Information Security Management System (ISMS) to ensure legal, regulatory and contractual compliance.
The Information Security Policy includes a framework for setting information security objectives and commits to continual improvement of the ISMS. The policy is authorised under the signature of the Managing Director and compliance with the policy is mandatory.
To demonstrate our commitment to data security, we have obtained and maintained certifications for two internationally recognised standards.
FlexMR holds both the ISO 27001: 2013 and Cyber Essentials Plus certifications. These are internationally recognised standard specific requirements in security management and define comprehensive security controls. In achieving these certifications, we commit to continually managing information security in accordance with recognised and audited best practices.
We adhere to the ISO/IEC 27001:2013 specification which governs the requirements for establishing, implementing, maintaining and continually improving an information security management system.
Cyber Essentials is a UK government backed scheme from the National Cyber Security Centre, awarded to organisations that have passed the rigorous, independently verified, certification process.
Our robust information security policies are what keep our clients' data safe. These are implemented on a daily basis by staff in every department.
All information we handle is classified in terms of value, legal requirements, sensitivity and criticality. A detailed set of procedures for labelling and handling have been developed to complement this, and training provided to both staff and suppliers.
Before we work with any third parties, we undertake due dilligence. We always request written assurances and carefully asses the level of risk associated with any third party relationships. All third party relationships are bound by a contractual duty of confidentiality.
The FlexMR InsightHub platform, and associated systems, are hosted in an EU data centre that meets ISO 27001 access control requirements. All data processing occurs within the European Union. We also maintain formal procedures to control access to systems and data alike.
FlexMR have developed and implemented a robust policy covering the use of passwords and cryptographic information. Key management procedures have also been implemented to ensure cryptographic keys are protected; guaranteeing the integrity and confidentiality of sensitive data.
We welcome the introduction of the EU's landmark GDPR regulation which offers an opportunity to further our commitment to data security and prvacy.
FlexMR complies with all applicable GDPR provisions and works together with customers and partners to address contractual obligations for products and services. To date, FlexMR has implemented appropriate technical and organisational measures, including the appointment of responsible officers within the business to manage and deliver Data Protection and Information Security, to ensure as a Data Processor it meets the requirements of GDPR.
We appreciate the impact of GDPR on our customer base, and our partners. We are working with all parties in providing technical solutions to support our clients' GDPR obligations, whether with standard products or as value-added solutions.
If you have any questions relating to the approach FlexMR follows to data protections and security, please contact your account manager, or the nominated Data Protection Officer who can be reached at firstname.lastname@example.org.
Watch our two minute demo to see how the InsightHub research platform drives informed decisions.
Watch our two minute demo to find out what FlexMR can do for you.