Security and continuity

Our business continuity arrangements ensures that risks to our business operations impacted by: natural disaster; loss of information technology; global pandemics; adverse weather conditions; industrial disputes/staffing shortages; receivership; loss of premises; loss of utilities, power outage etc. have been assessed and our distributed/remote architecture ensures we can endure business services.

Pelicam are by design a distributed, virtual business so our resources (including people, facilities, IT, information) are already in place to overcome a significant business outage/disaster (the onset of Covid-19 required no changes to our working practices).

We use Microsoft Office applications and Atlassian Confluence; both Tier 1 applications/industry leaders who employ multi layer encryption/authentication.

  • Atlassian/Confluence automatically backs up our data every night by performing a full site export, with multiple history options to restore.

We regularly update our Business Continuity programme. This includes incident management process, notification and recovery procedures that are regularly tested. All staff undertake Business Continuity Management (BCM) training and have clearly defined and documented roles and responsibilities accordingly.

INFORMATION SECURITY

Electronic information is a valuable and sensitive resource and Pelicam accordingly takes appropriate measures to protect from loss or corruption and unauthorised access and modification.

This document defines how Pelicam will secure electronic information:

  • Held in electronic form on any Pelicam computer

  • Used by Pelicam staff and partners

  • By external users and guest users authorized to use elements of Pelicam IT

Pelicam’s Business Manager will review this policy annually and submit revisions for approval. Responsibility for approving this policy and authorising consequent actions lies with Pelicam’s Managing Partner.

Pelicam Business Manager maintains the directory of people authorised to use Pelicam technology. Pelicam staff, external users and guest users are subject to Pelicam conditions of use of IT but have differing rights and responsibilities.

For the purpose of this policy:

  • Pelicam staff are those people registered on Pelicam payroll system

  • Guest users are people permitted temporary access to necessary Pelicam IT facilities

  • External users are all other people permitted access to Pelicam systems.

All Pelicam staff have a right, subject to Pelicam regulations, to use relevant Pelicam IT systems and a duty to use IT responsibility.

External users do not have an automatic right to use Pelicam IT. Authorisation for external users will be subject to written agreement with that user to Pelicam’s policy and be subject to Pelicam regulations and approval by Pelicam Managing Partner.

Guest users may be permitted limited rights to use Pelicam IT subject to appropriate controls.

IT Services will maintain an inventory, subject to audit, of assets in three categories:

  • Pelicam Business Systems

  • Hardware inventory

  • Software inventory

For each item, the inventory will state which Pelicam service has responsibility for security aspects of that asset in accordance with overall policy. This inventory is in addition to asset records maintained under Pelicam financial regulations. Any system and the data it contains that is not part of the above inventory is the responsibility of the creator of that system and is subject to this Information Security Policy.

All staff (including temporary staff) must agree to written terms and conditions covering use of IT when they register to use Pelicam IT.

Temporary staff accounts will be set to expire at the end of the staff contract period.

The Pelicam Business Manager will ensure:

  • Confidentiality agreements form part of the terms and conditions with all parties

  • Awareness training about electronic information security forms part of Pelicam staff induction programmes

  • Information for all staff on electronic information security is maintained in the Pelicam Operating Guide

  • All references are checked prior to a member of staff’s commencement of employment

Pelicam must ensure that where there are specific security roles and responsibilities that these are documented in all relevant job descriptions and that there is appropriate screening of applicants.

Access to Pelicam systems may be withdrawn and Pelicam disciplinary procedures will be invoked where a serious or deliberate breach of the policy is made.

All external users must be sponsored by the Pelicam Managing Partner. The external user must agree in writing to terms and conditions and sign up to the Pelicam NDA and Co-op Agreement. External user accounts will be of limited duration (maximum of 12 months).

Guest user accounts may be used to allow visitors strictly limited access to Pelicam systems. Access to corporate systems, protected electronic resources, Pelicam email services and personal file store will not be permitted for guest users.

Approved by
Peter Mayer
Pelicam Managing Partner
10/10/2023