
Information Security Policy


1. Introduction
This top-level information security policy is a key component of D. M. Keith’s overall information security management framework and should be considered alongside more detailed information security documentation, including system-level security policies, security guidance and protocols or procedures.

2. Objectives, Aim and Scope

2.1. Objectives
The objectives of the D. M. Keith Information Security Policy are to preserve:

• Confidentiality - Access to data shall be confined to those with appropriate authority.
• Integrity - Information shall be complete and accurate. All systems, assets and networks shall operate correctly, according to specification.
• Availability - Information shall be available and delivered to the right person, at the time when it is needed.

2.2. Policy aim
The aim of this policy is to establish and maintain the security and confidentiality of information, information systems, applications and networks owned or held by D. M. Keith by:

• Ensuring that all members of staff are aware of and fully comply with the relevant legislation as described in this and other policies.
• Describing the principles of security and explaining how they shall be implemented in the organisation.
• Introducing a consistent approach to security, ensuring that all members of staff fully understand their own responsibilities.
• Creating and maintaining within the organisation a level of awareness of the need for Information Security as an integral part of the day to day business.

2.3. Scope
This policy applies to all information, information systems, networks, applications, locations and users/staff of D. M. Keith or supplied under contract to it.

3. Responsibilities for Information Security

3.1. Ultimate responsibility for information security rests with the Managing Directors of D. M. Keith Ltd, but on a day-to-day basis the GDPR TFT (TFT) shall be responsible for managing and implementing the policy and related procedures.
3.2. Line Managers are responsible for ensuring that their permanent and temporary staff and contractors are aware of:
• The information security policies applicable in their work areas
• Their personal responsibilities for information security
• How to access advice on information security matters

3.3. All staff shall comply with information security procedures including the maintenance of data confidentiality and data integrity. Failure to do so may result in disciplinary action.
3.4. The Information Security Policy shall be maintained, reviewed and updated by the GDPR TFT.
3.5. Line managers shall be individually responsible for the security of their physical environments where information is processed or stored.
3.6. Each member of staff shall be responsible for the operational security of the information systems they use.
3.7. Each system user shall comply with the security requirements that are currently in force, and shall also ensure that the confidentiality, integrity and availability of the information they use is maintained to the highest standard.
3.8. Contracts with external contractors that allow access to the organisation’s information systems shall be in operation before access is allowed. These contracts shall ensure that the staff or sub-contractors of the external organisation shall comply with all appropriate security policies.

4. Legislation

4.1. D. M. Keith is obliged to abide by all relevant UK and European Union legislation. The requirement to comply with this legislation shall be devolved to employees and agents of D. M. Keith, who may be held personally accountable for any breaches of information security for which they may be held responsible. D. M. Keith shall comply with the following legislation and other legislation as appropriate:
• The Data Protection Act (1998)
• The Data Protection (Processing of Sensitive Personal Data) Order 2000
• Computer Misuse Act (1990)
• Freedom of Information Act (2000)
• Health and Safety at Work Act (1974)
• General Data Protection Regulation (2018)

5. Policy Framework

5.1. Management of Security
• At board level, responsibility for Information Security shall reside with the GDPR TFT.
• D. M. Keith’s Security Officer shall be responsible for implementing, monitoring, documenting and communicating security requirements for the organisation.

5.2. Information Security Awareness Training
• Information security awareness training shall be included in the staff induction process.
• An ongoing awareness programme shall be established and maintained to ensure that staff awareness is refreshed and updated as necessary through regular communications.

5.3. Contracts of Employment
• Staff security requirements shall be addressed at the recruitment stage and all contracts of employment shall contain a confidentiality clause.
• Information security expectations of staff shall be included within appropriate job definitions.

5.4. Security Control of Assets
Each IT asset (hardware, software, application or data) shall have a named custodian who shall be responsible for the information security of that asset.

5.5. Access Controls
Only authorised personnel who have a justified and approved business need shall be given access to restricted areas containing information systems or stored data.

5.6. User Access Controls
Access to information shall be restricted to authorised users who have a bona-fide business need to access the information.

5.7. Computer Access Control
Access to computer facilities shall be restricted to authorised users who have a business need to use the facilities.

5.8. Application Access Control
Access to data, system utilities and program source libraries shall be controlled and restricted to those authorised users who have a legitimate business need e.g. systems or database administrators. Authorisation to use an application shall depend on the availability of a licence from the supplier.

5.9. Computer and Network Procedures
Management of computers and networks shall be controlled through standard documented procedures that have been authorised by the GDPR TFT.

5.10. Information Risk Assessment
The core principle of risk assessment and management requires the identification and quantification of information security risks in terms of the perceived value of the asset, the severity of impact and the likelihood of occurrence.

Once identified, information security risks shall be managed on a formal basis. They shall be recorded within a baseline risk register and action plans shall be put in place to effectively manage those risks. The risk register and all associated actions shall be reviewed at regular intervals. Any implemented information security arrangements shall also be a regularly reviewed feature of the D. M. Keith risk management programme. These reviews shall help identify areas of continuing best practice and possible weakness, as well as potential risks that may have arisen since the last review was completed.

5.11. Information security events and weaknesses
All information security events and suspected weaknesses are to be reported to the GDPR TFT who can be contacted at taskforce@D.M. KEITH.com. All information security events shall be investigated to establish their cause and impacts with a view to avoiding similar events.

5.12. Classification of Sensitive Information
The D. M. Keith Task Force shall implement appropriate information classification controls, based upon the results of formal risk assessments.

Information, documents and data classified as sensitive as a result of a formal risk assessment will be treated securely in line with the risk assessment.

5.13. Protection from Malicious Software
The organisation shall use software countermeasures and management procedures to protect itself against the threat of malicious software. All staff shall be expected to co-operate fully with this policy. Users shall not install software on the organisation’s property without permission from the GDPR TFT. Users breaching this requirement may be subject to disciplinary action.

5.14. User media
Removable media of all types that contain software or data from external sources, or that have been used on external equipment, require the approval of the GDPR TFT before they may be used on D. M. Keith systems. Such media must also be fully virus checked before being used on the organisation’s equipment. Users breaching this requirement may be subject to disciplinary action.

5.15. Monitoring System Access and Use
An audit trail of system access and data use by staff shall be maintained and reviewed on a regular basis.

D. M. Keith has in place routines to regularly audit compliance with this and other policies. In addition it reserves the right to monitor activity where it suspects that there has been a breach of policy. The Regulation of Investigatory Powers Act (2000) permits monitoring and recording of employees’ electronic communications (including telephone communications) for the following reasons:
• Establishing the existence of facts
• Investigating or detecting unauthorised use of the system
• Preventing or detecting crime
• Ascertaining or demonstrating standards which are achieved or ought to be achieved by persons using the system (quality control and training)
• In the interests of national security
• Ascertaining compliance with regulatory or self-regulatory practices or procedures
• Ensuring the effective operation of the system

Any monitoring will be undertaken in accordance with the above Act and the Human Rights Act.

5.16. Accreditation of Information Systems
The organisation shall ensure that all new information systems, applications and networks include a security plan and are approved by the GDPR TFT before they commence operation.

5.17. System Change Control
Changes to information systems, applications or networks shall be reviewed and approved by the GDPR TFT.

5.18. Intellectual Property Rights
D. M. Keith shall ensure that all information products are properly licensed and approved by the GDPR TFT. Users shall not install software on the organisation’s property without permission from the IT department and the GDPR TFT. Users breaching this requirement may be subject to disciplinary action.

5.19. Business Continuity and Disaster Recovery Plans
The organisation shall ensure that business impact assessment, business continuity and disaster recovery plans are produced for all mission critical information, applications, systems and networks.

5.20. Reporting
The Information Security Officer shall keep the GDPR TFT informed of the information security status of the organisation by means of regular reports and presentations.

5.21. Policy Audit
This policy shall be subject to audit by the GDPR TFT.
