Our Governance

Information Security

1. Purpose and Scope

This Information Security document outlines the measures Bainbridge Consulting applies to protect information, systems, and digital infrastructure associated with its research, evaluation, and advisory services.

It applies to personnel, contractors, systems, and service providers involved in the handling of organisational, research, and personal information.

2. Security Principles

Bainbridge Consulting applies security controls designed to support:

• Confidentiality of information

• Integrity of data and systems

• Availability of services and operational systems

• Protection against unauthorised access, misuse, or disruption

Security measures are proportionate to the sensitivity and operational risk of the information involved.

3. Access Controls

Access to systems and information is restricted to authorised personnel with legitimate operational requirements.

We apply reasonable controls including:

• Role-based access permissions

• Authentication and password protections

• Restricted administrative access

• Periodic review of access privileges

4. Data Protection Measures

We apply technical and organisational safeguards appropriate to the nature of the information held.

These safeguards may include:

• Encrypted storage and transmission

• Secure hosting environments

• Network and endpoint protection controls

• Controlled backup and recovery processes

• Secure disposal practices

5. Personnel Responsibilities

Personnel and contractors are expected to:

• Maintain confidentiality obligations

• Follow applicable security procedures

• Report suspected security incidents promptly

• Use organisational systems responsibly and securely

Access may be restricted or revoked where security obligations are not met.

6. Incident Management

Bainbridge Consulting takes reasonable steps to identify, assess, and respond to information security incidents.

Where an incident involves personal information, response processes are managed in accordance with applicable privacy and data breach obligations.

7. Third-Party Services

Where third-party systems, subcontractors, or service providers are used, reasonable steps are taken to ensure appropriate security and confidentiality safeguards apply.

8. Continuous Review

Security practices and controls are reviewed periodically to support ongoing operational resilience and governance maturity.

9. Relationship to Other Governance Documents

This document should be read together with:

• Privacy Policy

• Data Use & Research Governance

• Research Ethics & Integrity

• Terms of Service

Version: 5.0 - Research Governance Version

Last Updated: 1 May 2026