01233 743 240

Information Security Policy

1. Purpose

Flowbird Ltd is committed to protecting the confidentiality, integrity, and availability of information assets that it creates, processes, stores, or manages. This policy defines the principles and responsibilities for information security across the organisation and supports compliance with applicable legal, regulatory, and contractual requirements.

2. Scope

This policy applies to:

  • All employees, directors, contractors, and third parties acting on behalf of Flowbird Ltd

  • All information assets, whether electronic, paper-based, or verbal

  • All systems, devices, applications, and services used to process Flowbird Ltd information, including cloud-based services

3. Information Security Objectives

Flowbird Ltd aims to:

  • Protect information against unauthorised access, disclosure, alteration, or destruction

  • Ensure information is available to authorised users when required

  • Reduce information security risks to an acceptable and proportionate level

  • Maintain customer, partner, and stakeholder trust

4. Governance and Responsibilities

  • Senior management holds overall accountability for information security and ensures appropriate resources are provided.

  • Day-to-day responsibility for implementing information security controls is delegated to appropriate operational roles.

  • All staff and contractors are responsible for complying with this policy and related procedures.

5. Risk Management

Information security risks are identified, assessed, and managed on an ongoing basis. Controls are implemented proportionate to the level of risk and the nature of Flowbird Ltd’s operations.

6. Access Control

  • Access to information and systems is restricted to authorised users based on business need.

  • User accounts are protected through appropriate authentication mechanisms.

  • Access rights are reviewed periodically and removed promptly when no longer required.

7. Acceptable Use

Users must:

  • Use Flowbird Ltd systems and information assets for authorised business purposes only

  • Protect login credentials and not share accounts

  • Take reasonable steps to prevent loss, theft, or unauthorised disclosure of information

8. Incident Management

Information security incidents, including suspected data breaches, must be reported promptly. Incidents are investigated, managed, and, where required, escalated in accordance with Flowbird Ltd’s incident and data breach management procedures.

9. Third Parties and Suppliers

Third parties with access to Flowbird Ltd information or systems must maintain appropriate security controls. Security requirements are considered during supplier selection and contract management.

10. Compliance and Review

Failure to comply with this policy may result in disciplinary action or contractual remedies. This policy is reviewed periodically and updated as necessary to reflect changes in risks, operations, or legal requirements.

 

Approved by: Senior Management
Organisation: Flowbird Ltd
Review cycle: Annual or upon significant change