Cotton Nursing Solutions

Cyber Security Policy

Cotton Nursing Solutions Ltd — Last updated: March 2026

1. Purpose

This policy sets out how Cotton Nursing Solutions Ltd protects its digital systems, data, and communications from cyber threats. It applies to all staff, contractors, and anyone with access to our systems or data.

2. Scope

This policy covers all digital devices, cloud services, email accounts, websites, and data storage used in connection with Cotton Nursing Solutions Ltd business, across both the Cotton Nursing and Cotton Family divisions.

3. Password Security

  • All accounts must use strong, unique passwords (minimum 12 characters, mix of letters, numbers, and symbols).
  • Passwords must not be shared or reused across accounts.
  • Two-factor authentication (2FA) must be enabled where available.
  • Passwords should be changed promptly if a breach is suspected.

4. Device Security

  • All devices used for business must be protected by a password or biometric lock.
  • Operating systems and software must be kept up to date with the latest security patches.
  • Antivirus software must be installed and kept current on all business devices.
  • Devices must be locked when unattended.
  • Lost or stolen devices must be reported immediately.

5. Email & Communication Security

  • Staff must be vigilant for phishing emails and suspicious links.
  • Sensitive data must not be sent via unencrypted email where avoidable.
  • Unexpected attachments or requests for personal/financial information should be verified before acting.
  • Business email accounts must not be used for personal purposes.

6. Cloud & Data Storage

  • Business data must be stored on approved, secure cloud platforms (e.g., Google Drive, Cliniko).
  • Access to cloud storage is restricted to authorised personnel only.
  • Data must not be stored on personal devices or unapproved platforms without authorisation.
  • Regular backups are maintained to protect against data loss.

7. Website Security

  • Our website uses HTTPS encryption to protect data in transit.
  • Website access credentials are restricted to authorised administrators.
  • Contact form submissions are transmitted securely and stored in compliance with our Privacy Policy.

8. Incident Response

  • Any suspected cyber security incident (e.g., data breach, malware, phishing) must be reported immediately to the business owner.
  • Incidents will be investigated, contained, and documented.
  • Affected individuals and the ICO will be notified where required by law.
  • Lessons learned will be used to improve our security measures.

9. Training & Awareness

All staff and contractors receive appropriate cyber security awareness training. This includes recognising phishing, safe password practices, and reporting procedures. Training is refreshed as needed.

10. Remote Working

  • When working remotely, staff must use secure Wi-Fi connections.
  • Public Wi-Fi must not be used for accessing sensitive business data without a VPN.
  • Screens must not be visible to unauthorised persons when working in public spaces.

11. Policy Review

This policy is reviewed periodically or in response to significant changes in technology, threats, or business practice.

12. Contact

Questions or concerns about cyber security should be directed to:

Elisabeth Fairbairn, Owner
Cotton Nursing Solutions Ltd
Email: [email protected]
Phone: 07872 179689