Security and Phorm

As a company committed to advancing the cause of online user privacy, Phorm understands the importance of underpinning and reinforcing its commitment with solid, reliable security practices. Phorm's objective is to use a combination of prevention, detection, response, monitoring and review measures to reduce any risks to internet users, Phorm and Phorm's partners, and to ensure Phorm complies with all relevant laws and regulations.

Phorm has a comprehensive set of corporate security objectives and policies and an internal security organisation to communicate, enforce and monitor those policies. Phorm specifically focuses on controlling internal and external use of information from our technology. Phorm's management have responsibility for establishing security procedures, ensuring that staff and third parties adhere to these procedures both now and in the future, establishing secure areas to protect its facilities and its equipment, making sure that Phorm's networks and computers are protected against malicious and accidental damage and that the exchange of information and handling of media is carried out in a controlled and secure manner.

Phorm's information access controls ensure that user access rights to networks, computers, applications and remote access facilities are authorised and monitored. In the development and maintenance of Phorm's systems, security measures ensure that the systems comply with legal requirements, are protected against malicious attacks and that Phorm's privacy commitments are bolstered by sound security controls. Those security controls include the use of cryptographic mechanisms to protect confidential information, incident management processes and procedures, business continuity and disaster recovery planning and testing.

As part of Phorm's security regime, the Phorm corporate security team regularly evaluates existing security safeguards to ensure Phorm is protected against the latest threats and third parties are engaged to provide security compliance reviews ensuring that the organisation is meeting the security commitments it has made to itself, its partners and its users.