Formed in 1988, Aspect Contracts is one of the few national asbestos risk management companies, supported by more than 200 skilled and trained employees based in five regional offices strategically located throughout the UK. The business has put colleague welfare, health and safety and professional standards and accreditation at the heart of its business practices since its inception.
Andy Smith, Group Operations IT Manager at Aspect Contracts, explains the company’s approach to accreditation and its journey to GDPR compliance.
“As a national contractor, we are the chosen partner of a large number of blue-chip organisations and provide bespoke solutions to their asbestos related issues. Working with such a well-known hazardous material and businesses that are themselves highly accredited, we must maintain highest professional business standards,” explains Andy.
As well as industry specific regulations, such as the Control of Asbestos Regulations 2012 (CAR), Aspect Contracts also holds quality assurance certification to ISO 9001:2008, health and safety to OHSAS 18001:2007 and environmental management to ISO 14001:2004.
“As our business, and those that we deal with, makes greater use of digital information stored at our premises and in trusted cloud services, we recognised the need to show that we were controlling that data in a professional manner. The imminent implementation of GDPR by EU countries further underlined this need.”
Aspect Contracts looked at the many issues around data management and information security and chose to become accredited under the ISO/IEC 27000 family of standards that helps organisations keep information assets secure. Aspect worked with Strident to ensure it had the technical resources to deliver the data security required.
“ISO 27001 is the gold standard for business operating at this level. By achieving this we have gone above and beyond what is required for GDPR but the same basic principles are the same for both: show that you have collected and are using the data in an ethical manner and that you have taken all reasonable steps to keep the data safe,” says Andy.
In order to deliver the necessary data security, Aspect worked with Strident to ensure its networks were secure, up to date and segregated. This limits the ability for unauthorised users to accidentally or maliciously access privileged information.
To increase data security, Aspect is looking to encrypt all data on laptops, which are vulnerable to theft or loss. Data encryption goes beyond a simple login password placing all the data on the computer in a secure wrapper that prevents unauthorised access even if the computer’s hard drive is removed and attacked directly. Aspect is also moving to secure backups, locally encrypting backups before the dataset is copied to an external or cloud drive. This ensures only authorised individuals can recover backup data.
Although GDPR compliance is a legal requirement by May 2018, Aspect’s customers can be assured that it is professional business that takes data security seriously.
“The General Data Protection Regulation clearly outlines good practices that ethical businesses should be doing anyway. We have found that working through these regulations has helped us to keep our business data well-organised and secure,” adds Andy.
Chris Joberns, Managing Director at Strident highlights that the amount of work required to become GDPR compliant will vary considerably from business to business but that the fundamental IT data security steps are the same for all. “We have identified the 9 Critical Issues that businesses should be addressing in partnership with their IT Support suppliers. Becoming GDPR compliant is far more than adding some software and with potentially very large fines for non-compliance, businesses should take a proactive approach to ensure they are ready by May 2018,” adds Chris