Summary
Security is core to running a network. This policy sets out how AxiaNET protects the confidentiality, integrity and availability of our systems and the customer data we hold. Our controls follow recognised good practice aligned to ISO 27001 and Cyber Essentials.
Access control
- Least-privilege access — staff get only the access their role requires.
- Multi-factor authentication on administrative and remote access.
- Joiner, mover and leaver processes to keep access current.
- Strong, unique credentials managed through a password manager.
Protecting systems & data
- Encryption in transit and at rest for sensitive data.
- Timely patching of operating systems, firmware and software.
- Endpoint protection, network firewalling and segmentation.
- Centralised logging and monitoring of key systems.
- Regular, tested backups held securely off-site.
People
Staff receive security-awareness training, and everyone is responsible for protecting information they handle. Suppliers with access to our systems or data are held to equivalent standards.
Incident response
We have a defined process to detect, contain and recover from security incidents, and to notify affected customers and the ICO where required. Report a suspected incident immediately to helpdesk@axia.co.uk or 01923 333 111.
Review
This policy is owned by the management team and reviewed at least annually and after any significant incident.