Gain confidence and peace of mind with Fusion GBS's risk, governance, and compliance assurance.
Keeping data and systems secure is a significant challenge that is constantly evolving. We achieve and maintain a range of security and compliance standards that are subject to regular external audits. We can demonstrate that we meet a range of industry requirements and provide assurance that our implemented controls are designed and operating effectively and that they are aligned with the policies set by the security organisation.
That’s why we offer comprehensive security and compliance services. We use a combination of leading technologies, industry best practices, and expert third parties to support our regulatory mandates and those of our customers.
ISO/IEC Standards
International security standards that set out the technical specifications of a management system to ensure information security and personal data protection on-premises and in the Cloud.
GDPR Compliance
Discover how we meet our obligations under the EU GDPR and the UK DPA 2018, and how international data transfers into and out of the EEA and other third countries are protected.
Cyber Essentials
Find out how we are certified to both Cyber Essentials and Cyber Essentials Plus, UK-government schemes backed by the National Cyber Security Centre, to show our full commitment to cyber security.
Industry Specific
We have experience in several industry-specific areas, including military and automotive requirements. Read more about our TISAX, NIST, and Def Stan compliance.
Business Ethics
We observe policies and principles designed to ensure the highest ethical and moral standards and to prevent any corrupt practices while conducting our business activities.
Fusion Security & Compliance Overview
Data Security and Privacy
- ISO 27001/2-based policies
- Secured international data transfers
- Data transfer and data impact assessments
- Data processing agreements
- Processes to ensure data integrity, availability, and confidentiality
- External third-party audits
Operational Security
- ISO 27001/2-based policies
- Documented formal change management
- Information and media handling, labelling, and destruction policies
- Formal incident management and escalation process
- Continuous monitoring, SIEM, and IT operations processes
- Comprehensive internal audit programme
Technical Security
- Industry standard ticketing system
- Regularly reviewed and updated Technical & Organisational Measures (TOMs)
- At least annual PEN tests for applications and infrastructure
- Configuration management policies including secure configurations
- Endpoint protection and management
- Continuous monitoring, SIEM, and IT operations processes
- Comprehensive internal and external audits of technical controls
Human Resources Security
- DBS / SC and higher security cleared personnel
- Comprehensive screening of all staff including background checks
- Full Joiners / Movers / Leavers (JML) process
- Non-disclosure and confidentiality agreements
- Annual mandatory security awareness training (based on UK GCHQ curriculum)
- Continuous phishing and refresher security training
Physical Security
- DBS / SC and higher security cleared personnel
- Comprehensive screening of all staff including background checks
- Full Joiners / Movers / Leavers (JML) process
- Non-disclosure and confidentiality agreements
- Annual mandatory security awareness training (based on UK GCHQ curriculum)
- Continuous phishing and refresher security training
Security Scorecard
Fusion GBS maintains a suite of industry best-practice tools to monitor our protection and compliance status in real time. Fusion is rated ‘A’, the highest available rating, by SecurityScorecard, the leading platform for cyber security and readiness ratings. Maintaining this rating reflects our continuous focus on security across all our global locations. The SecurityScorecard platform calculates a rating score by analysing risk groups through real-time monitoring of security practices and other risks. More information is available at securityscorecard.com. By using SecurityScorecard, we also demonstrate that we monitor our environment in real time against potential threats and exploits.