Confidentiality, Privacy & Data Statement
At Frontier, we understand the importance of ensuring our systems and data are protected. We do this by applying established best practices across the organisation, with robust business continuity and disaster recovery plans supported by the information security policies, processes, technologies, and tools needed to prevent and detect potential security incidents, both on premises and in the cloud.
As a UK company, we have adapted our privacy standards to meet the requirements of the UK GDPR and Data Protection Act 2018. We have implemented appropriate technical and organisational measures to protect personal data and uphold the 7 key principles:
- Lawfulness, fairness and transparency
- Purpose limitation
- Data minimisation
- Accuracy
- Storage limitation
- Integrity and confidentiality (security)
- Accountability
We undertake an annual assessment performed by an independent third party that rates our maturity against a range of controls in ten different privacy disciplines. This drives data protection best practice and continuous improvement across the business. Aside from this, we strive to fulfil our customers' fundamental data protection rights regarding their personal data.
All information is assigned an owner and classified according to our classification standard. Each level of classification is governed by increasingly strict requirements as defined in our Information Handling Policy to ensure we maintain the confidentiality, integrity and availability of our systems and data.
Our risk management process encompasses both internal and external assessments, prioritising risks deemed critical or high in a timely fashion.
Supply chain risk is assessed and appropriate treatment applied, allowing us to perform thorough due diligence and implement additional compensating controls if required, based on any risks identified. Where Frontier engages with data processors, we ensure appropriate contractual terms are in place and enter into data processing agreements.
Our employees are required to undertake annual security awareness training to ensure they are able to recognise common cyber threats that could put the organisation at risk, as well as providing personal data processors with knowledge on handling personal data safely and securely.
We continue to utilise best practices from recognised industry frameworks like NIST and CIS, as well as aligning ourselves with the ISO27001 standard to help enhance the organisation's security posture and protect the organisation from the most common cyberattacks, ensuring the foundational security controls are addressed.