Compliance

We maintain the highest standards to keep your information safe and secure.


Compliance and Certification

It is important that our customers are assured that we follow the rules. Our accreditations give confidence that we handle and process sensitive documents and data in accordance with all regulatory and legal requirements.

The Data Protection Act 2018 requires all data processors to be registered with the Information Commissioner’s Office (ICO) (Topwood Registration number Z7108387).

A fundamental principle (Principle 7) of the DPA is that data controllers have in place appropriate security measures to prevent data from being accidentally or deliberately compromised. The law clearly states that subcontracting documents and data destruction to a shredding company does not remove any of the data controller’s legal responsibilities or liabilities.

Consequently, data controllers must make periodic checks to ensure their shredding company’s security credentials remain up to date. Some data management companies claim to comply with the relevant standards or paste a few logos onto their website, but data controllers that accept such statements at face value are not undertaking proper due diligence and are ultimately putting their reputations at risk. 

Quality

Topwood’s reputation for providing first-class service levels is defined, delivered, and measured through a Quality Management System (QMS).

The QMS is independently audited by a UKAS-accredited body and fully complies with the requirements of ISO 9001. The leading industry association for data destruction is the British Security Industry Association (BSIA), which requires members to have ISO 9001. Topwood is a member of the BSIA.

Information Security

Whether Topwood supplies file storage, document scanning, or data shredding services, its success is wholly dependent on providing information security. Topwood operates to an Information Security Management System (ISMS). This ISMS is independently audited to comply with the information security standard ISO 27001. ISO 27001 is increasingly seen by compliance, security and procurement managers as the ‘gold standard’.

The following standards are incorporated into the scope of Topwood’s ISO 27001 certification.

BS 4971 (formerly PD 5454)
The standard to which archive storage services are supplied for the long term preservation of documents.

EN15713
Principal standard regarding secure destruction of sensitive information.

BS7858
All staff employed at Topwood are security vetted to BS7858 (and this includes DBS checks).

Other standards incorporated include BS8418 (CCTV), EN150131 (intruder alarms), EN50133 (access control systems), BS5839 (fire detection and alarm systems) and CPNI (used by government departments and agencies when engaging contractors for the destruction of national assets).

Duty of Care – Ensuring a Safe Working Environment

Topwood is committed to safety in the workplace. Topwood has been independently audited and was found to have excellent risk management under the Safe Contractor scheme.

Certification assures customers that Topwood operates a safe workplace. The term “safe workplace” is broad, but the duty of care extends to all persons who come into contact with Topwood’s activities and the workplace extends to all locations including customers’ offices and depots.

Insurance

Due diligence checks should ensure contractors have the statutory minimum and any additional cover required.

Topwood has the following cover in place:

  • Public liability insurance – £5 million in respect of each and every claim
  • Employers’ liability insurance – £10 million provided in respect of each and every claim (this is a legal requirement for all companies)
  • Professional indemnity – £2 million.

Personnel

To comply with EN15713, all employees are security vetted. Topwood uses a third-party vetting firm to security check to BS7858 prior to a person’s employment with Topwood. BS7858 includes Disclosure and Barring Service (DBS) checks, and this vetting is repeated every 3 years.

  • All staff are required to sign a Confidentiality Agreement prior to engagement with Topwood
  • Topwood conducts its own employee due diligence. For example, we carry out quarterly DVLA licence checks
  • All staff participate in a training programme, which includes topics such as how to handle sensitive information and risk management for a safe workplace.

Operation of Vehicles

  • All vehicles operate from a registered operating base on Wrexham Industrial Estate (LL13 9UZ)
  • Shred trucks are operated and maintained in accordance with the provisions granted in Topwood’s Operator Licence (OC1052569) issued by VOSA
  • A fleet insurance policy covers all vehicles.

Testimonial

“Our scanned documents are now available 24/7 and can be accessed by our staff regardless of where they are working. This has helped make us a far leaner business and has helped with our information security risk management.”

Solicitors Shrewsbury, Shropshire
