Access Control

At LeSoft, we implement strict access control policies to ensure that only authorised individuals can access sensitive data and systems. This approach supports data confidentiality, integrity, and availability while aligning with the UK General Data Protection Regulation (UK GDPR) and National Cyber Security Centre (NCSC) guidance. 

 

Regulatory Alignment 

Our access control practices are designed to comply with: 

  • UK GDPR Article 32 – Requires organisations to implement appropriate technical and organisational measures, including the ability to ensure the ongoing confidentiality and integrity of personal data. 
  • Data Protection Act 2018 – Reinforces the need to protect personal data from unauthorised access or loss. 
  • NCSC Access Control Principles – Emphasises least privilege access, identity verification, and continuous monitoring. 

 

Key Access Control Measures 

Role-Based Access Control (RBAC) 

Access to systems and data is granted strictly based on roles and responsibilities. Each user is assigned only the permissions necessary to perform their job functions. 

 

Identity & Authentication Management 

We use strong identity verification and multi-factor authentication (MFA) to verify users before granting access to our systems. 

 

Least Privilege Principle 

Users and systems are granted the minimum access necessary. Elevated privileges are temporary and audited. 

 

Access Review and Audit 

User permissions are regularly reviewed and updated. Inactive or outdated accounts are promptly disabled. All access events are logged and monitored to detect anomalies or unauthorised activities. 

 

Logging & Monitoring 

All access to critical systems and data is logged. Logs are regularly reviewed by our security team to detect any suspicious or unauthorised behaviour. 

 

Onboarding & Offboarding Procedures 

We have formal onboarding/offboarding workflows to ensure: 

  • New users receive the correct access upon joining. 
  • Departing users have access promptly removed, reducing the risk of insider threats. 

 

Third-Party Access Controls 

Where third-party service providers access LeSoft systems or data: 

  • Access is limited, monitored, and governed by Data Processing Agreements (DPAs). 
  • Third parties must comply with our information security requirements and relevant UK data protection laws. 

 

Continuous Improvement 

We continuously evaluate and improve our access control practices to adapt to evolving security threats, regulatory changes, and technology standards. 

 

Contact for Security Queries 

If you have questions or concerns regarding access controls or would like to report an incident: 

📧 Email: [email protected]
📞 Phone: +44 161 718 7123
🏢 Registered Office: LeSoft Limited, 275 High Road Leyton, London, United Kingdom E10 5QN