Cyber Security Policy – June 2025

1. Policy Statement
Electrical Wholesale Systems Ltd is committed to protecting its information assets, systems, and data from cyber threats. This policy establishes the framework for safeguarding company, customer, supplier, and employee information across all trade sales branches.

2. Scope
This policy applies to all employees, contractors, temporary staff, all company locations, and all IT systems including computers, cloud services, ERP systems, and networks.

3. Legal and Regulatory Compliance
The company complies with UK GDPR, the Data Protection Act 2018, the Computer Misuse Act 1990, and relevant UK cyber security regulations.

4. Roles and Responsibilities
Directors are responsible for oversight. IT management implements controls. Employees must follow security procedures and report incidents.

5. Information Security Principles
The company follows confidentiality, integrity, and availability principles to protect data.

6. Access Control
System access is granted on a least-privilege basis. Strong passwords and MFA must be used where available. Access is removed promptly when no longer required.

7. Acceptable Use
IT systems must be used for legitimate business purposes only. Unauthorised software, devices, or activities are prohibited.

8. Device Security
All company devices must be protected with antivirus software, security updates, and device lock controls. Lost or stolen devices must be reported immediately.

9. Network and Branch Security
Branch networks must be secured with firewalls, secure Wi-Fi, and segregated guest access. Remote access must be encrypted.

10. Data Protection
Personal and sensitive data must be handled in accordance with UK GDPR. Data must be stored, processed, and shared securely.

11. Backup and Business Continuity
Regular backups of critical systems must be taken, secured, and tested to ensure business continuity.

12. Cyber Security Incidents
All suspected incidents must be reported immediately. Data breaches will be investigated and reported to the ICO where required.

13. Third-Party Security
Suppliers must demonstrate appropriate cyber security controls and comply with data protection obligations.

14. Training and Awareness
All staff must receive cyber security awareness training and phishing awareness education.

15. Monitoring and Compliance
Systems may be monitored to ensure compliance. Breaches may result in disciplinary or legal action.

16. Policy Review
This policy will be reviewed annually or following significant changes.

17. Approval
Approved by the Directors of Electrical Wholesale Systems Ltd.