Trust Centre
Clear expectations. Responsible delivery.
Cyber resilience is built on trust. We avoid overpromises and focus on clear communication, evidence-led thinking and practical action. That includes being transparent about how we handle data, how we manage risk, and how we respond when issues are identified.
Short principles list:
- Plain English, no fear tactics
- Privacy-first thinking
- Responsible handling of data
- Continuous improvement through learning and review
- Clear routes for raising concerns and reporting issues
Security is a process, not a statement.
We treat security as an ongoing discipline. That means maintaining appropriate controls, reviewing risk, and improving based on evidence. Where relevant, we work with trusted partners and specialists to strengthen our approach.
What we focus on:
- Risk awareness and prioritisation
- Access control and least privilege
- Secure configuration and change control
- Monitoring and incident readiness
- Backup, recovery and continuity planning
- Supplier and third party awareness
Privacy-first, transparent by design.
See an issue. Report it safely.
We welcome responsible disclosure of security vulnerabilities. If you believe you have found a security issue, please report it through our responsible disclosure route so it can be assessed and addressed safely.
We ask that reporters avoid actions that could harm users, customers, or data. If a report is made in good faith, we will aim to respond promptly and communicate clearly.
Preparedness and clear communication.
No organisation can promise perfect security. What matters is preparation and response. We aim to maintain practical incident readiness, including clear escalation routes, documented response processes, and post incident review so we can learn and improve.
If an incident impacts customers or partners, we aim to communicate clearly about what happened, what it means, and what actions are being taken.
Trust extends to the ecosystem.
We work with partners and suppliers who support responsible practice. Where third parties process data or support delivery, we aim to maintain clear responsibilities and appropriate controls.