Information Technology
Security and Privacy Policy
Senior Fitness LTD
Information Technology Security and Privacy Policy - available on request
Data Breach Procedure - available on request
Clear Desk Policy - available on request
Unverified Networks and Devices Policy - available on request
Appendix 1 - Supplier GDPR Questionnaire and Declaration - available on request
Information Technology Security & Privacy Policy
The purpose of the Information Technology Security and Privacy Policy ("Policy") is to form the basis for securing and protecting the information assets and environment in which Senior Fitness operates and to outline the overall management framework and guiding principles for information security and privacy.
The primary goals of this information security policy are as follows:
- To identify, through appropriate risk assessment (Privacy Impact Assessment – PIA), the value of information assets, and to understand their vulnerabilities and the threats that may expose them to risk.
- To manage the risks to an acceptable level through the design, implementation and maintenance of a formal Information Security Management System.
- To minimise IT risks in the most cost-effective manner, offsetting the cost of controls against the anticipated reduction in losses due to security breaches.
The implementation of this policy is important to maintain and demonstrate our integrity in our dealings with customers and suppliers. It is the policy of Senior Fitness Ltd to ensure:
- Confidentiality and privacy of information is maintained.
- Integrity of information through protection from unauthorised modification.
- Availability of information to authorised users when needed.
- Information is protected against unauthorised access.
- Information is not disclosed to unauthorised persons through deliberate or careless action.
- Regulatory and legislative requirements will be met.
- Business continuity plans are produced, maintained and tested.
- Information security training is given to all Employees where relevant.
- All breaches of information security and suspected weaknesses are reported and investigated.
Information security practice in Senior Fitness Ltd is guided by the following fundamental principles:
- Information security controls are necessary to protect Senior Fitness Ltd information against unacceptable risks to its:
  - Confidentiality (e.g. preventing unauthorised disclosure of sensitive corporate or personal information);
  - Integrity (e.g. ensuring that human errors and programming bugs do not reduce the completeness or accuracy of our data); and
  - Availability (e.g. minimising unplanned system downtime and consequent interruption of critical business processes).
Senior Fitness Ltd invests wisely in proven information security controls which are justified on the basis of lifecycle cost/benefit assessment and risk analysis.
Information security is a core element of corporate governance. It is closely related to aspects such as IT management, risk management, legal and regulatory compliance and business continuity. It supports various obligations to our employees, business partners and the community at large.
Information security is a business enabler that allows us to enter more confidently into and maintain business relationships, markets and situations that would otherwise be too risky. By minimising net losses resulting from information security breaches, it supports our financial bottom line. It also enhances our corporate image as a trustworthy, open, honest and ethical organisation.
A Senior Fitness Director will measure and review the effectiveness of our information security efforts on an annual basis.