Information Security and Privacy Policy


We are committed to pursuing excellence while delivering services within a secure environment, protecting our customers and our own information assets and continually improving information security within our organisation to minimise exposure to risks.


The purpose of this policy is to establish a general approach to information security and privacy to detect and prevent the compromise of information such as misuse of data, networks, computer systems and applications, and to protect the reputation of the company with respect to its ethical and legal responsibilities.


This policy applies to all employees, contractors, customers, visitors, and to all data held or processed by us, including programs, systems, facilities and technical infrastructure.


Our approach is dynamic and includes a commitment to continual improvement through a process of incident reporting, risk assessment and regular audits. It complements our established Information Security, Privacy and Quality Management System and provides a framework for establishing and reviewing security objectives. An appointed board member is an executive sponsor for information security; to support and ensure effective implementation of an information security system across the business as a priority. 

It is therefore our policy to: 

Supporting policies have been developed to strengthen and reinforce this policy statement and are published on the Do The Right Thing SharePoint Site as part of the Staff Handbook. All employees are required to familiarise themselves with these supporting documents and to adhere to them in our working environment. The Information Security Officer in partnership with the Kerv Governance Operations team is responsible for implementation, monitoring and communicating the company’s Information Security Policy and making sure it is understood at all levels.

Responsibilities of the Information Security Manager

Our Information Security Manager is responsible for all access policies and documentation, audit trails, event reporting and ensuring compliance through adequate training programs. The role is required to support periodic security audits both internal and external to ensure that all required evidence has been captured, and that information is accurate and complete. 

Our Information Security Manager (assisted by the Kerv Governance Operations team to either fulfil or maintain oversight of the listed tasks) is responsible for:  


The Chief Information Security Officer, supported by the Governance Team, are responsible for this policy and its implementation. We commit to providing the relevant resource and to reviewing this policy annually and communicating it within the organisation and to external interested parties.

The UK government mandates several statutory obligations regarding information security. This policy therefore actively complies and supports:

External Assurance

We appoint independent external auditors to assess and confirm our compliance with ISO 27001, 27701 and 9001 standards on an annual basis.

Worth Digital

is now part of Kerv

In a continued effort to ensure we offer our customers the very best in knowledge and skills, Kerv has acquired Worth Digital.