Our Services
Let's Talk!

Legal Hub

Information Security Policy

We Are Hype Ltd
Version 1.0
Approved by: Hamzah Sher, Managing Director
Effective Date: 20th February 2026
Review Date: 20th February 2027

1. Purpose

The purpose of this policy is to ensure the confidentiality, integrity and availability of information managed by We Are Hype Ltd.

We are committed to protecting client, partner and company information from unauthorised access, disclosure, alteration or destruction.

2. Scope

This policy applies to:

  • All employees, contractors and third-party suppliers
  • All company systems and devices
  • All client and company information
  • All physical and digital records

3. Information Security Principles

We operate in accordance with the following principles:

  • Information is accessed strictly on a need-to-know basis
  • Access is granted based on role and responsibility
  • Security controls are proportionate to risk
  • Data is protected at rest and in transit
  • Incidents are reported and managed promptly

4. Access Control

  • Role-based access is implemented across systems
  • Access rights are reviewed periodically
  • Access is removed immediately when staff leave or contracts end
  • Multi-factor authentication (MFA) is enabled where available
  • Shared logins are prohibited

5. Device Security

  • All company devices are password protected
  • Devices use automatic screen locking
  • Operating systems and software are kept up to date
  • Anti-virus and malware protection is enabled
  • Lost or stolen devices must be reported immediately

6. Cloud & Data Storage

We use reputable cloud service providers that provide:

  • Encryption in transit (HTTPS/TLS)
  • Encryption at rest
  • Secure access controls
  • Audit logging capabilities

Sensitive data is not stored on unsecured personal devices.

7. Backup & Recovery

  • Company data is backed up regularly
  • Cloud providers maintain redundancy systems
  • Backup restoration procedures are periodically tested
  • Business continuity measures are in place to ensure service continuity

8. Incident Management

All staff must report suspected security incidents immediately.

Security incidents include:

  • Data breaches
  • Unauthorised access
  • Phishing attempts
  • Malware infections
  • Lost devices containing sensitive data

Incidents will be assessed promptly and escalated where required.
If necessary, regulatory bodies and affected parties will be notified in accordance with legal obligations.

9. Third-Party Suppliers

We ensure that key third-party suppliers:

  • Demonstrate appropriate security measures
  • Use secure hosting environments
  • Process data in compliance with applicable data protection laws

Supplier relationships are reviewed periodically.

10. Staff Responsibilities

All personnel must:

  • Follow company security procedures
  • Protect passwords and access credentials
  • Report suspicious activity
  • Complete security awareness training where required

Failure to comply may result in disciplinary action.

11. Review & Continuous Improvement

This policy is reviewed annually or sooner if required due to:

  • Regulatory changes
  • Security incidents
  • Operational changes
  • Industry best practice updates

We Are Hype Ltd is committed to continuous improvement of its information security framework.