Information Security Policy

The Board of Directors and Management of Lightfoot, located and operating at Innovation Valley, Exeter, are committed to preserving the confidentiality, integrity and availability of all the physical, electronic and information assets throughout the organisation in order to preserve its competitive edge, cash-flow, profitability, legal, regulatory and contractual compliance and commercial image.

Confidentiality, integrity and availability (CIA) are at the heart of Lightfoot. Assets, including physical, information, people and services, maintain the highest degree of confidentiality, integrity and availability. Confidentiality means ensuring that information is only accessible to those authorised to access it, therefore preventing both deliberate and accidental unauthorised access. Integrity means safeguarding the accuracy and completeness of information and processing methods. Availability means ensuring that information and associated assets are accessible to authorised users when required and are therefore physically secure.

Lightfoot is committed to achieving certification to ISO 27001:2013 Information Security Management System (“ISMS”). The ISMS, of which this Policy, the ISMS policies, procedures, staff handbook, information security objectives, and supporting and related documentation are part, is a framework which has been designed in accordance with the specification contained in ISO 27001:2013.

Lightfoot’s current strategic business plan and risk management framework provide the context for identifying, assessing, evaluating and controlling information related risks through the establishment and maintenance of an ISMS. The Risk Assessment, Statement of Applicability, information security objectives and Risk Treatment Plan identify how information-related risks are controlled.

As part of our commitment to ISO 27001:2017 (Information Security), Lightfoot has defined the following Security Objectives:

  • Ensure all staff have completed GDPR/ISO 27001 internal training
  • System uptime (availability) client facing systems - Gen 2
  • Achievement of ISO 27001
  • Internal Auditor ISO 27001 training
  • 6 months penetration testing of Lightfoot client facing systems (portal/website)
  • Quarterly system vulnerability scanning
  • Incidents to be reviewed and closed in response to the agreed deadline (30 days)
  • Risks reviewed and closed in a timely manner in response to the agreed mitigation deadline
  • Achieve Cyber Essentials
  • Infrastructure split from Ashwoods Electric motors

The Head of Quality is responsible for the management and maintenance of the risk treatment plan. Additional risk assessments may, where necessary, be carried out to determine appropriate controls for specific risks.

All staff of Lightfoot, external consultants, sub-contractors and external parties will be made aware of their responsibilities (which are defined in their job descriptions or contracts) to preserve information security, to report security breaches and to act in accordance with the requirements of the ISMS. All staff will receive appropriate training and awareness, including third party non-disclosure agreements and contracts.

Lightfoot is committed to continuous, systematic review and continual improvement towards achieving certification to ISO 27001:2017 with the British Standards Institution. Lightfoot will make this Information Security Policy available to all interested parties on our website.

This document was last updated on 24th January 2019

© Ashwoods Lightfoot Limited 2019, All Rights Reserved. Company Registration Number: 8287918.