Website Security Policy
Effective Date: January 2025
This Website Security Policy outlines the measures taken by 24Y Warehouse to protect the security, integrity, and confidentiality of data processed and stored on 24y.com.
1. Purpose
This policy is designed to safeguard the Website and its users against unauthorized access, data breaches, and other security threats. It applies to all users, employees, and third parties interacting with the Website.
2. Scope
This policy covers:
- The security of the Website’s infrastructure.
- Protection of user data.
- Monitoring and response to security incidents.
3. Responsibilities
3.1 Website Administrators: Ensure the Website is regularly updated and patched to address security vulnerabilities.
3.2 Users: Use the Website responsibly and report any suspicious activity or security concerns to support@24y.com.
3.3 Third Parties: Adhere to security protocols when interacting with the Website’s systems or data.
4. Access Controls
4.1 User accounts are protected by robust authentication mechanisms, including password complexity requirements and optional multi-factor authentication (MFA).
4.2 Administrative access is restricted to authorized personnel and requires strong, regularly updated passwords.
4.3 Role-based access control (RBAC) is implemented to ensure users can only access resources necessary for their role.
5. Data Protection
5.1 All sensitive data is encrypted in transit using SSL/TLS protocols.
5.2 Personally identifiable information (PII) is stored securely and accessed only for legitimate business purposes.
5.3 Regular data backups are performed and stored in secure, geographically dispersed locations.
6. Network Security
6.1 A firewall is implemented to prevent unauthorized access to the Website’s network.
6.2 Intrusion detection and prevention systems (IDPS) monitor traffic for suspicious activity.
6.3 Secure protocols (e.g., HTTPS) are enforced for all Website interactions.
7. Software Security
7.1 All software and plugins used on the Website are kept up to date.
7.2 Vulnerability scans are conducted regularly to identify and address potential security issues.
7.3 Third-party integrations are reviewed for compliance with security standards before implementation.
8. Incident Response
8.1 A defined incident response plan is in place to address security breaches or other emergencies.
8.2 Security incidents are logged, analyzed, and reported to relevant stakeholders.
8.3 Affected users will be notified promptly in compliance with applicable laws and regulations.
9. Employee Training
Employees are trained regularly on:
- Identifying and responding to security threats.
- Safe handling of sensitive data.
- Adherence to security best practices.
10. Monitoring and Auditing
10.1 Website activity is monitored continuously for unusual patterns or unauthorized access.
10.2 Regular audits are performed to assess the effectiveness of security measures.
10.3 Logs of user activity and system changes are retained in compliance with legal and regulatory requirements.
11. Compliance
This policy complies with:
- The UK General Data Protection Regulation (UK GDPR).
- The Data Protection Act 2018.
- Other applicable laws and regulations.
12. Policy Review
This policy will be reviewed annually or after significant changes to the Website or applicable laws.
13. Contact Information
For questions or concerns about this policy, please contact:
Email: sales@24y.com
Address: 12 Greenfield Road, Colwyn Bay, Conwy, LL29 8EL
Thank you for helping us maintain a secure online environment.