Information Security Policy
Introduction
At bigspark Limited, we recognize that information security is critical to our business operations and to maintaining the trust of our clients, partners, and stakeholders. This Information Security Policy outlines our commitment to protecting information assets and ensuring compliance with relevant laws and regulations.
Scope
This policy applies to all bigspark employees, contractors, consultants, temporary workers, and other workers at bigspark, including all personnel affiliated with third parties. It also applies to all information systems, networks, and data owned or managed by bigspark.
Information Security Principles
bigspark is committed to ensuring:
- Confidentiality: Information is accessible only to those authorized to have access
- Integrity: Information and systems are accurate and complete
- Availability: Authorized users have reliable and timely access to information and systems
Data Classification
All information assets must be classified according to their sensitivity:
- Public: Information that can be freely distributed
- Internal: Information for internal use only
- Confidential: Sensitive business information
- Restricted: Highly sensitive information requiring strict access controls
Access Control
Access to information systems and data is granted based on the principle of least privilege. All users must be authenticated and authorized before accessing bigspark systems. Multi-factor authentication is required for accessing sensitive systems and data.
Data Protection
bigspark implements appropriate technical and organizational measures to protect personal data, including:
- Encryption of data at rest and in transit
- Regular security assessments and penetration testing
- Secure backup and disaster recovery procedures
- Data minimization and retention policies
Security Awareness and Training
All employees must complete security awareness training upon joining bigspark and annually thereafter. Employees with specific security responsibilities receive additional specialized training.
Incident Response
bigspark maintains an incident response plan to detect, respond to, and recover from security incidents. All suspected security incidents must be reported immediately to the security team.
Third-Party Management
Third-party service providers with access to bigspark systems or data must meet our security requirements. Security assessments are conducted before engaging third parties, and ongoing monitoring is performed throughout the relationship.
Compliance
bigspark complies with applicable laws and regulations, including but not limited to:
- UK GDPR and Data Protection Act 2018
- Network and Information Systems (NIS) Regulations
- Industry-specific regulations as applicable
Policy Review
This policy is reviewed annually or when significant changes occur in our business operations or the regulatory environment. Updates are communicated to all relevant personnel.
Contact Information
For questions about this policy or to report security concerns, please contact our security team at security@bigspark.ai
Last Updated: January 2024
Version: 2.0
Next Review Date: January 2025