The company has a security policy that has been drawn up in line with BS7799 (industry standard recommended best practice). The security policy is owned by the Information Security Officer in the Pakistan office, who ensures its implementation and reports directly to the board of directors.

Each employee is given a copy of the security policy and is made aware of the importance of adhering to it. The security officer ensures that procedures laid down in the security policy are followed by all staff members. In addition following controls are in place to protect data confidentiality and security:

• Staff are not allowed to take any data off-site.

• Disk drives on all computers are disabled to ensure data cannot be stored on a disk and taken off site.

• All staff are issued with a unique user id and passwords. The passwords are changed on a regular basis and all staff are required to keep passwords confidential.

• All staff members are made aware of the Data Protection Act requirements and any personal data printed is shredded on the office premises if no longer required.

• Back up data stored off site is fully encrypted with the decryption key known only to the IT Director and one senior manager in the company.

Data transfer to and from our data server is fully encrypted using 128 bit encryption. Firewalls and Anti virus software is installed on all computers and main server to ensure protection against computer viruses and malicious attacks.

Back office is guarded 24 hours by an armed security guard. Only authorised personnel are allowed into the office premises.

There is a fully documented disaster recovery plan in place to ensure if there were any serious problems with the server the data can be restored quickly and in an efficient manner. Backups are taken daily and weekly back ups are stored offsite. These backups are fully encrypted and only Digital Accounts IT Manager or a Director can decrypt them. Backups are restored frequently to make sure these are in workable condition.