Information security at Bunzl is governed by our Global Information Security Policy. We have a multi-layered approach to network and email security from firewalls, servers through to workstation protection and work with best of breed security partners, and vendors, who provide us with the necessary knowledge, tools and technology to support our multi-layered security and network architecture.
We have implemented a blend of controls using people, processes and technologies from industry leading suppliers. We actively monitor these controls to ensure their effectiveness and to highlight deficiencies and highlight improvements.
Patching is undertaken routinely and we have a dedicated security team responsible for infrastructure and applications. We conduct weekly antivirus scanning of servers and workstations and regular penetration tests and security audits.
Our systems are hosted by a secure Tier 3/4 data centre provider and are backed up and tested regularly. Our data retention policy requires us to securely store backups for a minimum of 7 years Business continuity plans exist in each of our businesses.
Access to our systems is a role based model using least privileged principles, all users are provided with unique access ID’s and passwords that are changed regularly. We monitor and routinely check access control lists for accuracy and appropriateness.
We take the security our customer data very seriously, it is never shared with any 3rd parties and only used appropriately.
We are working with our Security partner towards Cyber Essentials Plus accreditation, which we expect to achieve by the end of 2017.