Cyber Security & IT Policy

    Recruitment Direct UK Limited

    Herkimer House

    Mill Road Industrial Estate

    Linlithgow

    EH49 7SF

    Scotland

    United Kingdom

    Document Owner:Recruitment Direct UK Ltd
    Version:1.0
    Effective Date:11 June 2026
    Review Date:11 June 2027

    1. Statement

    Recruitment Direct UK Limited (“RDUK”, “we”, “our” or “us”) is committed to maintaining secure, reliable and resilient IT systems and protecting company, applicant, worker and client information from cyber security threats.

    The company recognises that effective cyber security and IT management are essential to business continuity, operational performance, regulatory compliance and the protection of confidential information.

    2. Purpose

    The purpose of this policy is to:

    • Protect company systems, devices and information.
    • Reduce cyber security risks.
    • Support compliance with UK GDPR and data protection legislation.
    • Promote secure use of technology.
    • Protect confidential and personal information.
    • Maintain business continuity and operational resilience.

    3. Scope

    This policy applies to:

    • Employees
    • Workers
    • Directors
    • Contractors
    • Consultants
    • Suppliers with authorised access to company systems

    The policy applies to all company devices, cloud systems, recruitment software, databases, communication platforms, email systems and information assets used by Recruitment Direct UK Limited.

    4. Technology Environment

    Recruitment Direct UK Limited operates primarily through secure cloud-based systems. Business information, recruitment records, compliance records and operational data are stored within secure cloud environments.

    The company supports remote and hybrid working arrangements and utilises digital technologies to deliver recruitment and business services efficiently and securely.

    5. Existing Security Measures

    Recruitment Direct UK Limited maintains a range of security controls including:

    • Cyber Essentials certification.
    • Cloud-based data storage.
    • Daily automated backups.
    • Password and authentication controls.
    • User access controls and permissions.
    • Secure remote and hybrid working arrangements.
    • Software updates and security patching.
    • Device security controls.
    • Use of reputable technology providers.
    • Ongoing monitoring of cyber security risks.

    These measures are designed to protect the confidentiality, integrity and availability of company information.

    6. AI-Assisted Technology

    Recruitment Direct UK Limited may utilise artificial intelligence (“AI”), machine learning and automated technologies to support recruitment, compliance, administration and information management activities.

    These technologies may assist with:

    • Recruitment workflows.
    • Applicant screening processes.
    • Compliance monitoring.
    • GDPR compliance activities.
    • Database maintenance and record management.
    • Identification of incomplete, inaccurate or duplicate records.
    • Reporting and operational efficiency.

    All AI-assisted activities remain subject to appropriate human oversight and review.

    7. User Responsibilities

    All users of company systems are responsible for:

    • Protecting passwords and login credentials.
    • Maintaining the security of company devices.
    • Using company systems responsibly.
    • Protecting confidential information.
    • Reporting suspicious activity immediately.
    • Following company IT and cyber security procedures.

    Users must not:

    • Share passwords.
    • Install unauthorised software.
    • Circumvent security controls.
    • Use company systems for unlawful purposes.

    8. Remote Working

    Individuals working remotely are expected to:

    • Use secure internet connections.
    • Protect company devices and information.
    • Prevent unauthorised access to systems.
    • Follow company security requirements.
    • Report security concerns promptly.

    9. Incident Reporting

    Any actual or suspected cyber security or IT incident must be reported immediately.

    Examples include:

    • Phishing attacks.
    • Malware infections.
    • Data breaches.
    • Unauthorised access attempts.
    • Lost or stolen devices.
    • Suspicious account activity.
    • System failures affecting business operations.

    All incidents will be investigated and managed appropriately.

    10. Business Continuity and Recovery

    Recruitment Direct UK Limited stores business and recruitment data within secure cloud-based systems.

    Daily automated backups are maintained to support:

    • Data protection.
    • Disaster recovery.
    • Business continuity.
    • Operational resilience.

    The company will take reasonable steps to restore access to systems and information in the event of a cyber security incident, technical failure or operational disruption.

    11. Review

    This policy will be reviewed annually or sooner if required by legislative, regulatory, technological or business changes.

    Director Approval

    I confirm that this Cyber Security & IT Policy has been reviewed and approved on behalf of Recruitment Direct UK Limited.

    Name:Steven Peddie
    Position:Director
    Date:11 June 2026
    Signature:
    Steven Peddie Signature__________________________________________

    Compliance, Quality & Security

    Recognised standards supporting consistent, compliant recruitment delivery.

    Constructionline Gold

    Gold Member

    1324569

    Cyber
    Essentials

    Certified

    4686a995

    ISO
    9001:2015

    Quality Management

    GB2006088

    REC
    Membership

    Corporate Member

    00207320

    Verified credentials. Transparent proof. Trusted delivery.