Information Security Policy

Last Updated: November 2025

1. Purpose

Harmonic Action Ltd is committed to protecting the confidentiality, integrity and availability of information entrusted to us.

This policy outlines the principles and controls applied to safeguard information in a manner proportionate to the size and nature of our consultancy operations.

2. Scope

This policy applies to:

  • Directors

  • Contractors and associates working on behalf of Harmonic Action Ltd

  • All information processed in connection with our consultancy services

Information includes electronic data, cloud-based systems, and paper records where applicable.

3. Information Security Principles

We aim to ensure that:

  • Information is protected against unauthorised access

  • Information remains accurate and reliable

  • Information is available when required for legitimate business purposes

  • Legal and contractual obligations are met

  • Information is securely disposed of when no longer required

4. Access Control

Access to company systems and information is restricted to authorised individuals.

Controls include:

  • Unique user accounts

  • Strong passwords

  • Multi-factor authentication where available

  • Limiting access to information based on business need

Passwords must not be shared.

5. Device and System Security

We implement proportionate technical safeguards, which may include:

  • Secure cloud-based systems

  • Device encryption where available

  • Automatic software updates

  • Anti-malware protections

  • Secure Wi-Fi practices

6. Data Handling

Individuals working on behalf of Harmonic Action Ltd must:

  • Exercise care when handling confidential or personal information

  • Avoid unnecessary copying or storage of data

  • Ensure secure transmission of information

  • Take reasonable steps to prevent loss, theft or accidental disclosure

7. Backup and Business Continuity

We use secure cloud-based systems that provide data redundancy and recovery capabilities.

Reasonable steps are taken to ensure information can be restored in the event of system failure.

8. Third Parties

Where third-party service providers are used (such as cloud or hosting providers), appropriate contractual safeguards are in place to ensure data security.

9. Incident Management

Any suspected information security incident must be reported to a Director immediately.

Incidents will be assessed and handled in accordance with our Data Breach Procedure.

10. Responsibility

A Director of Harmonic Action Ltd is responsible for oversight of information security and ensuring this policy remains appropriate to the scale and risk profile of the business.

11. Review

This policy will be reviewed periodically and updated where necessary.

Address

128 City Road, London, EC1V 2NX

Subscribe to stay in touch
Contacts

info@harmonicaction.com
LinkedIn

Company

Registered Company No. 13105152

Copyright © 2025 Harmonic Action Ltd

View our Privacy Notice online