Trust Centre

Security at Snap IT.

Security is built into how we run our business and how we look after yours — across our people, our processes and every system we manage. This is where you’ll find our certifications, controls and documentation, in one place.

Compliance

ISO 27001 aligned

Controls

Information Security

  • Information Security Policy
  • Data classification & handling
  • Encryption at rest & in transit
  • Asset inventory & management

Access & Identity

  • Multi-factor authentication (MFA)
  • Role-based access control (RBAC)
  • Least-privilege & joiner/leaver process
  • Privileged access management

Threat Management

  • Managed EDR / anti-malware
  • 24/7 monitoring & alerting
  • Vulnerability & patch management
  • Penetration testing

Incident Response

  • Documented Incident Response Plan
  • 72-hour breach notification
  • Defined escalation paths

Business Continuity

  • Backup & disaster recovery (RTO/RPO)
  • Business Continuity Plan
  • Tested recovery procedures

Organisational Security

  • Staff security awareness training
  • Background checks & DBS where relevant
  • Change management process
  • Third-party / supplier risk management

Data Security

  • Encryption at rest & in transit
  • Access monitoring & logging
  • Encrypted, monitored backups
  • Secure disposal & certificates of destruction

Data Privacy

  • UK GDPR & DPA 2018 compliance
  • Data Protection Officer
  • Data Processing Agreements
  • Subject access request process

Endpoint Security

  • Endpoint Detection & Response (EDR)
  • Disk encryption
  • Mobile Device Management (MDM)
  • Data Loss Prevention (DLP)

Network Security

  • Next-generation firewall
  • Intrusion detection & prevention (IDS/IPS)
  • DNS filtering & anti-DDoS
  • Email protection (SPF, DKIM, DMARC)

Infrastructure

  • UK-based cloud hosting
  • SOC 2 Type II data centres
  • Physical access controls
  • Segregated production & test environments

AI Governance

  • Ethical use of AI & internal policy
  • Managing AI vendor security
  • Human oversight of AI tooling
Documentation

Resources

Request all documents
Sub-processors

Who We Rely On

We use a small set of trusted, security-vetted providers to deliver and support your services. Where they process data on our behalf, they do so under contract and appropriate safeguards.

Sub-processorPurposeData location
Microsoft (Azure & 365)Cloud infrastructure, productivity & identityUK / EU
HaloPSAService desk & ticketingUK / EU
Datto / backup vendorBackup & disaster recoveryUK
EDR / security vendorEndpoint detection & responseEU / USA
CloudflareWebsite hosting, DNS & securityGlobal (edge)
Common questions

Frequently Asked Questions

What personal data does Snap IT process?
As your IT and security provider we may process business contact details, user account information and system telemetry needed to deliver and support your services. We don’t sell data. Full detail is in our Privacy Policy and available Data Processing Agreement.
Is Snap IT UK GDPR compliant?
Yes. We process personal data in line with UK GDPR and the Data Protection Act 2018, and we’re registered with the ICO. A Data Processing Agreement is available on request.
Do you hold Cyber Essentials?
Yes — we hold Cyber Essentials and Cyber Essentials Plus, and we help our clients achieve the same. Certificates are available on request.
How do you handle a security incident?
We follow a documented Incident Response Plan with defined escalation paths. Where a personal-data breach is involved, we support notification within statutory timeframes (72 hours under UK GDPR).
How is our data backed up and recovered?
Managed services include backup and disaster recovery with agreed recovery objectives (RTO/RPO), tested restore procedures and a Business Continuity Plan. A summary is available on request.
Can we get a copy of your policies for our audit?
Yes. Public documents are linked above; security-sensitive documents are shared on request, usually under a mutual NDA. Use Request access and we’ll get them to you.
Service status

Systems & Availability

A live view of the services we run for you.

All systems operational

No incidents reported
Service desk & ticketingOperational
Remote monitoring & managementOperational
Backup & disaster recoveryOperational
Client PortalOperational
Request access

Need Something You Can’t See Here?

Security teams and prospective clients can request our full documentation pack — certificates, policies and our Data Processing Agreement — usually shared under a mutual NDA.