Security

Clients and individuals rightfully demand accountability from any organisation handling their personal and confidential data.

We understand the importance of taking appropriate steps to safeguard information and are committed to protecting information relating to our clients and to our people.

Our ‘Protecting Your Information’ document summarises our approach to information security and business resilience.

We have developed and implemented a comprehensive information security and business resilience framework aligned to industry best practices such as ISO/IEC 27001:2017 the International Standard for Information Security Management Systems (ISMS), IT Infrastructure Library (ITIL) for IT Service Management and ISO22301:2012 for Business Continuity Management Systems (BCMS).

We take a multi-layered, defence-in-depth, approach to protecting the data we have responsibility for, this includes physical, procedural, personnel and technical security to protect confidentiality, integrity and availability of information and services.

This framework and its underlying controls cover:

  • Information Security & Business Resilience Governance and Policies
  • Human Resource Security
  • Asset Management
  • Physical & Environmental Security
  • Access Control
  • Cryptography
  • Communications & Operations Security
  • System Acquisition, Development and Maintenance
  • Supplier Relationships
  • Information Security Incident Management
  • Business Continuity Management
  • Audit & Compliance

This is delivered through our Security Delivery Model which is focused on four workstreams:

  • Defend and Prevent
  • Hunt and Detect
  • Respond and Recover
  • Governance

More details are contained within the ‘Protecting Your Information’ document. Click here to download the document.

If you have any specific questions or would like additional information on the measures that we take to protect your information, then please contact your nominated Vistra Relationship Manager or email vistragroup@vistra.com.