Confidentiality, Privacy & Data Statement
At Frontier, we understand the importance of ensuring our systems and data are protected. We do this by applying established best practices across the organisation, with robust business continuity and disaster recovery plans supported by the information security policies, processes, technologies, and tools needed to prevent and detect potential security incidents, both on premises and in the cloud.
As a UK company, we have adapted our privacy standards to meet the requirements of the UK GDPR and Data Protection Act 2018. We have implemented appropriate technical and organisational measures to protect personal data and uphold the 7 key principles:
- Lawfulness, fairness and transparency
- Purpose limitation
- Data minimisation
- Accuracy
- Storage limitation
- Integrity and confidentiality (security)
- Accountability
All information is assigned an owner and classified according to our classification standard. Each level of classification is governed by increasingly strict requirements as defined in our Information Handling Policy to ensure we maintain the confidentiality, integrity and availability of our systems and data.
Our risk management process encompasses both internal and external assessments, prioritising risks deemed critical or high in a timely fashion.
Third-party partner risk is assessed by our procurement, legal, information security, and privacy teams – allowing us to perform thorough due diligence and implement any required compensating controls. Where Frontier engages with data processors, we ensure appropriate contractual terms are in place and enter into data processing agreements.
Our employees are required to undertake annual security and privacy awareness training to ensure they are able to recognise cyber threats that could affect the organisation, as well as know how to handle personal data safely and securely.
We continue to align ourselves with common cybersecurity frameworks including NIST, CIS and Cyber Essentials, and seek guidance from the NCSC to help protect the organisation from the most common cyberattacks, ensuring the foundational security controls are addressed.