Security Approach

How we protect information and maintain the highest standards of security.

Our Commitment

As a technology consultancy serving the defence and national security sectors, information security is at the heart of everything we do. We maintain rigorous security practices to protect our clients' information and ensure the integrity of our operations.

Talieisin partners with NCSC-affiliated cybersecurity providers CyberSmart and Naq Cyber for comprehensive GDPR and security compliance. All employees complete data protection training and sign confidentiality agreements.

Certification

We have achieved Cyber Essentials Plus certification, backed by the UK Government and the National Cyber Security Centre (NCSC). Unlike the basic certification, Plus includes independent technical verification of our security controls. The five Cyber Essentials controls listed below can prevent around 80% of common cyber attacks:

  • Firewalls
  • Secure Configuration
  • User Access Control
  • Malware Protection
  • Security Update Management

Core Security Principles

Defence in Depth

Multiple layers of security controls to protect against threats at every level.

Least Privilege

Access rights limited to the minimum necessary for legitimate business purposes.

Zero Trust

Never trust, always verify. Every access request is authenticated and authorised.

Security by Design

Security considerations integrated from the earliest stages of any project.

Continuous Monitoring

Ongoing assessment and improvement of our security posture.

Incident Response

Established procedures for detecting, responding to, and recovering from security incidents.

Technical Controls

We implement comprehensive technical security measures including:

  • Encryption of data at rest and in transit
  • Multi-factor authentication for all systems
  • Regular vulnerability assessments and penetration testing
  • Secure development practices and code review
  • Endpoint protection and monitoring
  • Network segmentation and access controls

Personnel Security

Our team members undergo appropriate security vetting and maintain current clearances as required for our work. All personnel receive regular security awareness training and are bound by strict confidentiality obligations.

All Talieisin employees undergo regular security training and phishing tests. Staff sign information security policies covering remote work, passwords, multi-factor authentication, and device encryption.

Key personnel roles include a Data Protection Officer who oversees policy adherence and staff training, and an Information Security Officer who manages technical controls and incident response.

Physical & Environmental Security

Our working premises are secured and can only be entered with a dedicated keyset. Visitors require staff authorisation. No personal data is stored on-site. Network equipment uses hardened configurations with patched firmware.

Third-party data centre facilities protect data through encryption, backups, and access controls. Security measures include perimeter defence systems, surveillance cameras, and biometric authentication.

All devices use full disk encryption with automatic updates and malware monitoring. Remote wipe capability is available for all company devices.

Supply Chain Security

We carefully evaluate and monitor our supply chain to ensure third-party services and tools meet our security requirements. Third-party vendors must sign processing agreements. Regular audits ensure compliance; inadequate security triggers immediate termination.

We maintain data processing agreements with all communication providers to ensure protection measures comply with UK data protection legislation.

Incident Reporting

If you identify a potential security vulnerability or have security concerns, please report them to:

contact@talieisin.co.uk

We take all security reports seriously and will respond promptly to investigate and address any legitimate concerns.

Continuous Improvement

Security is not a destination but a journey. We continuously review and improve our security practices in response to emerging threats, new technologies, and evolving best practices.