Close

Data

ENVIRONMENT SOCIAL GOVERNANCE

Data

One primary area of risk relates to information security. Failure to protect all sensitive and personal data could arise from the failure of internal processes and standards. Such a breakdown would expose the company to potential malicious and targeted cyberattacks, designed to exploit vulnerabilities. For our business, this potential threat also extends to our third-party service providers.

Our focus is on ensuring that our internal processes and standards are current and sufficiently robust to limit any exposure and potential impact from IT and/or data security failures. To actively protect the interests of all our stakeholders, our processes are designed to help identify and deal with any potential breach as early as possible.     

Business Continuity

Chesnara maintains a business continuity plan (BCP) that makes sure recovery and continuity of all critical services will be achieved within an acceptable time frame. 

The plan is regularly reviewed and tested at least once a year. 

The Group has no appetite for any critical business services being unavailable in each of its business units beyond what local management consider acceptable.

Cyber Risk

Cyber risk means any risk of financial loss, disruption or reputational damage to customers or any part of the Group as a result of our information technology systems. This includes digital technologies, devices and media. Responsibility for cyber risk extends beyond the IT team and preventing any risk is a Group concern.

Data Protection and Privacy

The Company has an Information Security Policy Framework that features policies on all topics relevant to protecting and keeping safe the Company and UK based employees’ information and IT assets. This includes the legal requirements of the General Data Protection Regulation (GDPR) and the Data Protection Act 2018, introduced in May 2018. 

Personally identifiable information is only collected where it is specifically and knowingly provided. However, our web server does collect basic information, such as the visitor’s internet service provider's domain name and the pages accessed and when, during a visit to the site. This information is used to analyse the use of our website to help guide improvements.

Data Quality

The Group does not accept poor data quality as a reason for a material misstatement of financial or non-financial information to customers, shareholders, regulators or public bodies. The approach to data quality complies with all relevant regulation, including data sourced and managed both internally and through our Outsourced Service Providers.

Data Security

The Company has an Information Security Policy Framework that features policies on all topics relevant to data security, protecting against any material loss of and/or unauthorised or illegal access to confidential personal or business data.

Powered by Sitecore