Security Centre

Gain confidence and peace of mind with Fusion GBS's risk, governance, and compliance assurance.

Keeping data and systems secure is a significant challenge that is constantly evolving. We achieve and maintain a range of security and compliance standards that are subject to regular external audits. We can demonstrate that we meet a range of industry requirements and provide assurance that our implemented controls are designed and operating effectively and that they are aligned with the policies set by the security organisation.

That’s why we offer comprehensive security and compliance services. We use a combination of leading technologies, industry best practices, and expert third parties to support our regulatory mandates and those of our customers.

ISO/IEC Standards

International security standards that set out the technical specifications of a management system to ensure information security and personal data protection on-premises and in the Cloud.

GDPR Compliance

Discover how we meet our obligations under the EU GDPR and the UK DPA 2018, and how international data transfers into and out of the EEA and other third countries are protected.

Cyber Essentials

Find out how we are certified to both Cyber Essentials and Cyber Essentials Plus, UK-government schemes backed by the National Cyber Security Centre, to show our full commitment to cyber security.

Industry Specific

We have experience in several industry-specific areas, including military and automotive requirements. Read more about our TISAX, NIST, and Def Stan compliance.

Business Ethics

The policies and principles that we observe ensure the highest ethical and moral standards and prevent corrupt practices in the conduct of our business activities.

Fusion Security & Compliance Overview

Data Security and Privacy

  • ISO 27001/2-based policies
  • Secured international data transfers
  • Data transfer and data impact assessments
  • Data processing agreements
  • Processes to ensure data integrity, availability, and confidentiality
  • External third-party audits

Operational Security

  • ISO 27001/2-based policies
  • Documented formal change management
  • Information and media handling, labelling, and destruction policies
  • Formal incident management and escalation process
  • Continuous monitoring, SIEM, and IT operations processes
  • Comprehensive internal audit programme

Technical Security

  • Industry standard ticketing system
  • Regularly reviewed and updated Technical & Organisational Measures (TOMs)
  • At least annual PEN tests for applications and infrastructure
  • Configuration management policies including secure configurations
  • Endpoint protection and management
  • Continuous monitoring, SIEM, and IT operations processes
  • Comprehensive internal and external audits of technical controls

Human Resources Security

  • DBS / SC and higher security cleared personnel
  • Comprehensive screening of all staff including background checks
  • Full Joiners / Movers / Leavers (JML) process
  • Non-disclosure and confidentiality agreements
  • Annual mandatory security awareness training (based on UK GCHQ curriculum)
  • Continuous phishing and refresher security training

Physical Security

  • DBS / SC and higher security cleared personnel
  • Comprehensive screening of all staff including background checks
  • Full Joiners / Movers / Leavers (JML) process
  • Non-disclosure and confidentiality agreements
  • Annual mandatory security awareness training (based on UK GCHQ curriculum)
  • Continuous phishing and refresher security training

Security Downloads

Fusion GBS makes available key policies and documents relating to our business activities around core values and ethics.

Security Scorecard

Fusion GBS maintains a suite of industry best-practice tools to monitor our protection and compliance status in real time. Fusion is rated ‘A’, the highest available rating, by SecurityScorecard, the leading platform for cyber security and readiness ratings. Maintaining this rating reflects our continuous focus on security across all our global locations. The SecurityScorecard platform calculates a rating score by analysing risk groups through real-time monitoring of security practices and other risks. More information is available at securityscorecard.com. By using SecurityScorecard, we also demonstrate that we monitor our environment in real time against potential threats and exploits.