Dotdigital Information Security Policy | Dotdigital
Book a demo

Trust Center

Dotdigital Information Security Policy

June 2021

Aim & purpose

We have defined our commitment to protecting information with our Integrated Management System (IMS); which ensures confidentiality, integrity, and availability of internal, customer and supplier information, and the appropriate handling of all Personally Identifiable Information (PII). The IMS has been designed to address the legal requirements identified and listed in our Legislation Reregister.

Our IMS effectiveness is achieved through understanding the risks and opportunities that may impact information within our business, and by using a number of controls including policies, processes, procedures, software, and hardware functions, and by managing these in ways that stakeholders would expect, and that continue to drive future benefit to our business.

These controls are continually monitored, reviewed, and improved to ensure that specific security, privacy, and business objectives are met. This is operated in conjunction with other business management processes and incorporates the applicable statutory and contractual requirements.

Objectives have been defined primarily through the SWOT and PESTLE, although some may come from the Information Security risk assessment, Privacy Impact Assessments (PIAs) and the Management Review; they are designed to drive the management system forward and bring about continual improvement. Objectives will be focused on improving Information Security controls.

Information security

Information Security is controlled through the preservation of:

  • Confidentiality: ensuring that information is accessible only to those authorized to have access;
  • Integrity: safeguarding the accuracy and completeness of information and processing methods;
  • Availability: ensuring that authorized users have access to information and associated assets.

Additionally, the protection of PII is controlled through the adherence to Data Protection principles as defined in applicable legislation.

Awareness and compliance

We operate a program of Information Security and Data Protection awareness and compliance through company inductions, training, and internal audits.

All our employees are empowered to identify any potential weaknesses and/or events that could be information security or privacy incidents (including actual or suspected data breaches) and report through the appropriate management channels.

A robust system is in place to continually improve the security controls by:

  • Taking account of changes to our business requirements and priorities;
  • Considering new threats, risks, and vulnerabilities which may impact the business;

Reviewing the effectiveness of the IMS through internal audits and ongoing management review process.

The overall intent of our management system is to give customers and all other interested parties confidence in our ability to protect all information held and processed by our business.

Table of Contents

Request a demo

  • PLATFORM

  • COMPANY

  • EXPAND & LEARN

  • SUBSCRIBE TO DOTDIGITAL

    Your email address will be handled in accordance with our Privacy Policy. We gather data around email opens & clicks using standard technologies including clear gifs to help us monitor and improve our newsletter.

    This field is for validation purposes and should be left unchanged.

Privacy Policy / Terms of Use / Cookie Use Policy / Modern Slavery Act Transparency Statement / Dotdigital Investor Relations

Dotdigital is a trading name of Dotdigital EMEA Limited (company number: 03762341) whose registered office is at No. 1 London Bridge, London, SE1 9BG.