DATA PROTECTION POLICY

A. INTRODUCTION

We may have to collect and use information about people with whom we work.  This personal information must be handled and dealt with properly, however it is collected, recorded and used, and whether it be on paper, in computer records or recorded by any other means.

We regard the lawful and correct treatment of personal information as very important to our successful operation and to maintaining confidence between us and those with whom we carry out business.  We will ensure that we treat personal information lawfully and correctly.

To this end we fully endorse and adhere to the principles of the General Data Protection Regulation (GDPR).

This policy applies to the processing of personal data in manual and electronic records kept by us in connection with our human resources function as described below. It also covers our response to any data breach and other rights under the GDPR.

This policy applies to the personal data of job applicants, existing and former employees, apprentices, volunteers, placement students, workers and self-employed contractors. These are referred to in this policy as relevant individuals.

B. DEFINITIONS

“Personal data” is information that relates to an identifiable person who can be directly or indirectly identified from that information, for example, a person’s name, identification number, location, online identifier. It can also include pseudonymised data.

“Special categories of personal data” is data which relates to an individual’s health, sex life, sexual orientation, race, ethnic origin, political opinion, religion, and trade union membership. It also includes genetic and biometric data (where used for ID purposes).

“Criminal offence data” is data which relates to an individual’s criminal convictions and offences.

“Data processing” is any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.

C. DATA PROTECTION PRINCIPLES

Under GDPR, all personal data obtained and held by us must be processed according to a set of core principles. In accordance with these principles, we will ensure that:

1. processing will be fair, lawful and transparent
2. data be collected for specific, explicit, and legitimate purposes
3. data collected will be adequate, relevant and limited to what is necessary for the purposes of processing
4. data will be kept accurate and up to date. Data which is found to be inaccurate will be rectified or erased without delay
5. data is not kept for longer than is necessary for its given purpose
6. data will be processed in a manner that ensures appropriate security of personal data including protection against unauthorised or unlawful processing, accidental loss, destruction or damage by using appropriate technical or organisation measures
7. we will comply with the relevant GDPR procedures for international transferring of personal data

D. TYPES OF DATA HELD

We keep several categories of personal data on our employees in order to carry out effective and efficient processes. We keep this data in a personnel file relating to each employee and we also hold the data within our computer systems, for example, our holiday booking system.

Specifically, we hold the following types of data:

1. personal details such as name, address, phone numbers
2. information gathered via the recruitment process such as that entered into a CV or included in a CV cover letter, references from former employers, details on your education and employment history etc
3. details relating to pay administration such as National Insurance numbers, bank account details and tax codes
4. medical or health information
5. information relating to your employment with us, including:
   1. job title and job descriptions
   2. your salary
   3. your wider terms and conditions of employment
   4. details of formal and informal proceedings involving you such as letters of concern, disciplinary and grievance proceedings, your annual leave records, appraisal and performance information
   5. internal and external training modules undertaken

All of the above information is required for our processing activities. More information on those processing activities are included in our privacy notice for employees, which is available from your manager.

E. EMPLOYEE RIGHTS

You have the following rights in relation to the personal data we hold on you:

1. the right to be informed about the data we hold on you and what we do with it;
2. the right of access to the data we hold on you. More information on this can be found in the section headed “Access to Data” below and in our separate policy on Subject Access Requests”;
3. the right for any inaccuracies in the data we hold on you, however they come to light, to be corrected. This is also known as ‘rectification’;
4. the right to have data deleted in certain circumstances. This is also known as ‘erasure’;
5. the right to restrict the processing of the data;
6. the right to transfer the data we hold on you to another party. This is also known as ‘portability’;
7. the right to object to the inclusion of any information;
8. the right to regulate any automated decision-making and profiling of personal data.

More information can be found on each of these rights in our separate policy on employee rights under GDPR.

F. RESPONSIBILITIES

In order to protect the personal data of relevant individuals, those within our business who must process data as part of their role have been made aware of our policies on data protection.

We have also appointed employees with responsibility for reviewing and auditing our data protection systems.

G. LAWFUL BASES OF PROCESSING

We acknowledge that processing may be only be carried out where a lawful basis for that processing exists and we have assigned a lawful basis against each processing activity.

Where no other lawful basis applies, we may seek to rely on the employee’s consent in order to process data.

However, we recognise the high standard attached to its use. We understand that consent must be freely given, specific, informed and unambiguous. Where consent is to be sought, we will do so on a specific and individual basis where appropriate. Employees will be given clear instructions on the desired processing activity, informed of the consequences of their consent and of their clear right to withdraw consent at any time.

H. ACCESS TO DATA

As stated above, employees have a right to access the personal data that we hold on them. To exercise this right, employees should make a Subject Access Request. We will comply with the request without delay, and within one month unless, in accordance with legislation, we decide that an extension is required. Those who make a request will be kept fully informed of any decision to extend the time limit.

No charge will be made for complying with a request unless the request is manifestly unfounded, excessive or repetitive, or unless a request is made for duplicate copies to be provided to parties other than the employee making the request. In these circumstances, a reasonable charge will be applied.

Further information on making a subject access request is contained in our Subject Access Request policy.

I. DATA DISCLOSURES

The Company may be required to disclose certain data/information to any person. The circumstances leading to such disclosures include:

1. any employee benefits operated by third parties;
2. disabled individuals – whether any reasonable adjustments are required to assist them at work;
3. individuals’ health data – to comply with health and safety or occupational health obligations towards the employee;
4. for Statutory Sick Pay purposes;
5. HR management and administration – to consider how an individual’s health affects his or her ability to do their job;
6. the smooth operation of any employee insurance policies or pension plans;
7. to assist law enforcement or a relevant authority to prevent or detect crime or prosecute offenders or to assess or collect any tax or duty.

These kinds of disclosures will only be made when strictly necessary for the purpose.

J. DATA SECURITY

All our employees are aware that hard copy personal information should be kept in a locked filing cabinet, drawer, or safe.

Employees are aware of their roles and responsibilities when their role involves the processing of data.  All employees are instructed to store files or written information of a confidential nature in a secure manner so that it is only accessible by people who have a need and a right to access them and to ensure that all PCs, laptops etc are secured when unattended. No files or written information of a confidential nature is to be left where it can be accessed by unauthorised people.

Where data is computerised, it should be coded, encrypted or password protected both on a local hard drive and on a network drive that is regularly backed up. If a copy is kept on removable storage media, that media must itself be kept in a locked filing cabinet, drawer, or safe.

Employees must always use the passwords provided to access the computer system and not abuse them by passing them on to people who should not have them.

Personal data relating to employees should not be kept or transported on laptops, USB sticks, or similar devices, unless prior authorisation has been received. Where personal data is recorded on any such device it should be protected by:

1. ensuring that data is recorded on such devices only where absolutely necessary.
2. using an encrypted system — a folder should be created to store the files that need extra protection and all files created or moved to this folder should be automatically encrypted.
3. ensuring that laptops or USB drives are not left where they can be stolen.

Failure to follow the Company’s rules on data security may be dealt with via the Company’s disciplinary procedure. Appropriate sanctions include dismissal with or without notice dependent on the severity of the failure.

K. THIRD PARTY PROCESSING

Where we engage third parties to process data on our behalf, we will ensure, via a data processing agreement with the third party, that the third party takes such measures in order to maintain the Company’s commitment to protecting data.

L. INTERNATIONAL DATA TRANSFERS

The Company does not transfer personal data to any recipients outside of the EEA.

M. REQUIREMENT TO NOTIFY BREACHES

All data breaches will be recorded on our Data Breach Register. Where legally required, we will report a breach to the Information Commissioner within 72 hours of discovery. In addition, where legally required, we will inform the individual whose data was subject to breach.

More information on breach notification is available in our Breach Notification policy.

N. TRAINING

New employees must read and understand the policies on data protection as part of their induction.

All employees receive training covering basic information about confidentiality, data protection and the actions to take upon identifying a potential data breach.

The nominated data controller/auditors/protection officers for the Company are trained appropriately in their roles under the GDPR.

All employees who need to use the computer system are trained to protect individuals’ private data, to ensure data security, and to understand the consequences to them as individuals and the Company of any potential lapses and breaches of the Company’s policies and procedures.

O. RECORDS

The Company keeps records of its processing activities including the purpose for the processing and retention periods in its HR Data Record. These records will be kept up to date so that they reflect current processing activities.

P. DATA PROTECTION COMPLIANCE

Our Data Protection Officer is:

Patrick O’Gorman
dpo@bcegi.co.uk
+44 (0) 746 748 1311

HEALTH AND SAFETY

STATEMENT OF INTENT

BCEGI is committed to eliminating incidents of injury and ill health to its employees and any other stakeholders affected by its activities. As part of this duty BCEGI will operate its business in compliance with its obligations under all applicable health and safety Regulations and where appropriate, will implement relevant best practice standards and industry codes of practice relevant to its operations.

In support of this commitment BCEGI will provide a safe place of work for its people by eliminating hazards where possible and reducing risk by following the hierarchy of controls for occupational health and safety. This includes providing instruction and training to its people to enable work to be carried out safely, and without ill health effects. BCEGI are committed to consultation with and participation of workers on health and safety matters.

RESPONSIBILITIES

Responsibility for this Policy ultimately lies with the BCEGI Managing Director, supported by the Operations Director and the rest of the Management Team who are responsible for the implementation of the Policy Statement and all associated Management Standards. The Management Team — supported by the Senior SHEQ Manager and Project Managers – must at all times demonstrate proactive and visible leadership in relation to health and safety management and are responsible for communicating BCEGI health and safety objectives throughout the organisation, and for ensuring that effective arrangements are in place and effective at a Project level. This Policy and associated Management Standards are mandatory across all BCEGI operations and as such all BCEGI Employees and Stakeholders are expected to comply with all related arrangements.

ARRANGEMENTS

Arrangements for the management of Health and Safety are contained within the BCEGI Integrated Management System (IMS), and are made available to all employees, supply ¢hain partners and affected parties. BCEGI is committed to continual improvement of the IMS. This policy is subject to continual review to ensure that it remains relevant to the scope of BCEGI operations and to account for changes in its working practices.

AUTHORISATION

Yangfei Lu 
Managing Director
14″ February 2025

Archive:2025 Health and Safety Policy
2020 Health and Safety Policy
2019 Health and Safety Policy
2018 Health and Safety Policy
2017 Health and Safety Policy
2016 Health and Safety Policy

ENVIRONMENT

STATEMENT OF INTENT

BCEGI recognises the importance of minimising the impact of its activities on the environment and is committed to eliminating incidents of pollution whilst continually reducing the environmental footprint associated with delivering its business operations. As part of this duty BCEGI will operate its business in compliance with its obligations under all applicable environmental Regulations and where appropriate, will implement relevant best practice standards and industry codes of practice relevant to its operations.

In support of this commitment BCEGI will routinely evaluate its environmental aspects and impacts in order to reduce the waste it produces and energy it consumes, whilst protecting the natural environment at its project and office locations and promoting the use of sustainable materials and technologies throughout its supply chain. This includes providing instruction and training to its people to enable work to be carried out sustainably, and without adverse impacts on the environment.

RESPONSIBILITIES

Responsibility for this Policy ultimately lies with the BCEGI Managing Director, supported by the Operations Director and the rest of the Management Team who are responsible for the implementation of the Policy Statement and all associated Management Standards. The Management Team — supported by the Senior SHEQ Manager and Project Managers – must at all times demonstrate proactive and visible leadership in relation to environmental management and are responsible for communicating BCEGI environmental objectives throughout the organisation, whilst ensuring that effective arrangements are in place at a Project level. This Policy and associated Management Standards are mandatory across all BCEGI operations and as such all BCEGI Employees and Stakeholders are expected to comply with all related arrangements.

ARRANGEMENTS

Arrangements for the management of its environmental aspects are contained within the BCEGI Integrated Management System (IMS), and are made available to all employees, supply ¢hain partners and affected parties. BCEGI is committed to continual improvement of the IMS, This policy is subject to continual review to ensure that it remains relevant to the scope of BCEGI operations and to account for changes in its working practices.

AUTHORISATION

Yangfei Lu
Managing Director
14″ February 2025

Archive:2025 Environmental Policy
2020 Environmental Policy
2019 Environmental Policy
2018 Environmental Policy
2017 Environmental Policy

QUALITY MANAGEMENT

STATEMENT OF INTENT

BCEGl’s mission is to exceed expectations in all aspects of its construction, development and investment activities, and in doing so aims to be recognised as the trusted partner for all its clients and stakeholders. In order to achieve this aim BCEGI is committed to providing its customers with defect-free products and services, delivered on time and within budget, and has implemented an organisation-wide lntegrated Management System (IMS) which as a minimum – complies with relevant statutory legislation, industry best practice, stakeholder needs, and the requirements of BS EN ISO9001:2015.

RESPONSIBILITIES

Responsibility for this Poli¢y ultimately lies with the BCEGI Managing Director, supported by the Operations Director and the rest of the Management Team who are responsible for the implementation of the Policy Statement and all associated Management Standards. The BCEGI Managing Director must ensure that suitable resources are in place to enable compliance with relevant Company standards and Customer requirements. The BCEGJ Management Team are responsible for the continual review of BCEGI Company performance, the provision of appropriate organisational context and the setting of strategic difection, and for providing a framework for setting quality objectives that enhance BCEGI Customer satisfaction. The Management Team – supported by Project Managers – must at all times demonstrate proactive and visible leadership in relation to quality management and are responsible for communicating BCEGI quality objectives throughout the organisation, and for ensuring that effective arrangements are in place and effective at a Project level. This Policy and associated Management Standards are mandatory across all BCEGI operations and as such all BCEGI Employees are expected to comply with all related arrangements.

ARRANGEMENTS

Arrangements for the management of Quality are contained within the BCEGI Integrated Management System (IMS), including controls to ensure the continual monitoring of quality performance across the organisation, and the ongoing review of the effectiveness and suitability of quality management measures within the IMS. BCEGI is committed to continual improvement of the IMS. This policy is subject to continual review to ensure that it remains relevant to the scope of BCEGI operations and to account for changes in its working practices.

AUTHORISATION

Yangfei Lu
Managing Director
14″ February 2025

Archive: 2025 Quality Policy
2020 Quality Policy
2019 Quality Policy
2018 Quality Policy
2017 Quality Policy

MODERN SLAVERY AND HUMAN TRAFFICKING STATEMENT

This statement has been published in accordance with the Modern Slavery Act 2015 and sets out the steps BCEGI UK has taken to prevent human trafficking and slavery in our business and supply chain.

BCEGI UK is committed to promoting ethical business practices and policies to protect its workers, and those who work with the Company. We are dedicated to acting transparently by disclosing information about any modern slavery risks we may identify and what actions we will take in response to them – prioritising any risks as they arise and making year-on-year progress to improve our processes.

BCEGI’s Directors and Senior Management shall take responsibility for implementing and communicating this Policy Statement and its objectives and shall provide adequate resources (awareness, training, etc.) and investment to ensure that modern slavery and human trafficking is not taking place within the organisation or its supply chains.

A copy of this Policy Statement is available to all employees electronically and can be obtained from the HR department upon request. This Policy Statement will be reviewed annually.

OUR BUSINESS AND SUPPLY CHAINS

BCEGI was founded in the UK in 2013 as part of BCEG’s international expansion scheme. BCEG was founded in China in 1953 and is a major Chinese state-owned enterprise, which works in over 27 countries globally. As an internationally diverse business, we draw on a wide range of knowledge and skills from different backgrounds across the globe.

Our strength and depth of cultural, personal and professional understanding means we are well placed to successfully facilitate and deliver bi-lateral trade, particularly between the East and West. BCEGI are key members of the Manchester China Forum, we are proud ambassadors for Manchester and the North West and are proactively operating as a first point of contact for international businesses wishing to invest in the UK and Europe.

Our mission at BCEGI is to exceed expectations in all aspects of our construction, development and investment activities. We aim to be the trusted partner for all our clients and stakeholders.

Our Supply Chain contains a range of companies, from large scale sub-contractors and professional consultants, to small supply only companies used for one off purchases. Our Supply Chain plays a pivotal role in BCEGI’s ability to successfully deliver its developments / projects in line with our own and / or our Employers expectations. We are constantly reviewing our Supply Chain members to ensure they continually meet the requirements of BCEGI. This includes a stringent Pre-Qualifications Questionnaire process and ongoing review of our Supply Chain partners.

OUR POLICIES

We have a zero-tolerance approach towards modern slavery and human trafficking, which is implemented into our Policies and behaviours within the workplace and supply chain.

This Policy Statement will be reviewed and updated annually and will be published on our website (with historical versions also available). Our policies are communicated to all employees through our intranet, inductions, training and briefings. We expect our supply chain to follow similar practices to ensure compliance and consistency.

We continually review our Policies, commercial agreements, consultant appointments and supply of services to reflect our commitment to acting sustainably, ethically and with integrity in all our business relationships. We are also in the process of reviewing and populating our Supplier Code of Conduct to improve our risk management processes.

The following Policies are relevant to Modern Slavery and Human Trafficking:

• Our Modern Slavery and Human Trafficking Policy specifically sets out our zero-tolerance for any activities related to slavery, how we create further awareness and what measures we have in place to prevent this.
• Our Code of Conduct sets out our expectations, such as rejecting anti-bribery and corruption and compliance with the law.

OUR CORE VALUES

Our Core Values are at the heart of everything we do. Our Board of Directors drive them alongside Senior Managers to embed our Core Values, and to create an efficient and positive working environment for our people, supply chains and the communities in which we work.

DUE DILIGENCE PROCESSES

Within our own business

Wherever possible we directly recruit our employees. We do however utilise the use of agencies where necessary. When sourcing and placing candidates with us, Our Preferred Supplier List must comply with the Act and ensure they have up-to-date Processes in place to manage any risks associated with the Act.

We always verify the Right to Work of all our employees and ensure their salary is paid directly to them.

Supply chain

BCEGI acknowledges its responsibility to the Modern Slavery Act 2015 and will ensure transparency within BCEGI and with suppliers of goods and services to the organisation. These, as well as the suppliers of services, make up the supply chain within the Company.

As part of BCEGI’s due diligence processes into modern slavery and human trafficking, the supplier approval process incorporates a review of the controls undertaken by its suppliers.

Imported goods from sources from outside the UK and EU are potentially more at risk for modern slavery and human trafficking issues. The level of management control required for these sources will be continually monitored.

BCEGI will not support or deal with any business knowingly involved in modern slavery or human trafficking.

RISK ASSESSMENT AND MANAGEMENT

We have or are in the process of creating the following:

• Our current suppliers are asked to conform with this Policy Statement and our Supplier Code of Conduct, where non-conformance may result in supplier auditing and/or termination of agreement.
• All employees are made aware of our commitment to combatting modern slavery and human trafficking.
• Training of our Senior Management Team and employees involved in the procurement process.
• Introduction of modern slavery awareness training during company induction and periodically for current relevant employees.
• Internal audit programme to review Policy content and use.
• Evidence of right to work is required before official employment can commence.
• Salary of both new and existing employees can only be paid to a bank account owned and controlled by the employee.

AWARENESS AND TRAINING

We create awareness on modern slavery and human trafficking via updating this Policy Statement annually and ensuring it is available for employees to review via our iMS and for the general public via our website. This is something existing and new employees are encouraged to review upon starting with us and throughout employment.

Our Whistleblowing Policy encourages employees to report any unethical practices either internally or externally within the business or via our suppliers. Any reports received are taken extremely seriously and are fully investigated.

AUTHORISATION

Dongwen Yu

Lead Director

1^st January 2022

Archive:
2020 Modern Slavery and Human Trafficking Policy
2019 Modern Slavery and Human Trafficking Policy
2018 Modern Slavery Policy
2017 Modern Slavery Policy

COOKIES POLICY

About this cookie policy

This Cookie Policy explains what cookies are and how we use them. Please make sure you read this policy so you can understand what types of cookies we use, how we collect and use information from and about you.

What are cookies?

Cookies are small text files that are sent to your PC, mobile phone or tablet when you visit a website. They stay on your device and are sent back to the website they came from when you visit it again.

Cookies are used by BCEGI website to make your experience more efficient by:

• Recognising when you log in and any preferred settings.
• Giving you a browsing experience that is unique to you which we believe improves your site experience.
• Analysing how you use our website and our services, so we can improve them.

How do we use cookies?

We and third parties may use cookies and tracking technologies to collect information from websites, Applications, and other online services for a variety of reasons, such as to enable us to improve your experience of the services, to understand how users interact with our online services and advertisements, and to deliver advertising. For example, we use these technologies to allow us to know when and for how long you use our services, and to remember your preferences and settings and other functionality you have requested. We and third parties may use the technologies to link your activities across the devices you may use. This helps us learn about how you use the services and enables us to provide you with a seamless experience across your devices. We may also use cookies and tracking technologies to deliver advertising and marketing messages that we think may be relevant to you based on your online activities over time, across the various devices you may use, and across third-party services– a common practice across the internet and known as interest-based advertising or behavioral advertising.

More information about analytics and advertising cookies is detailed below.

1. Strictly Necessary Cookies

These cookies enable services you have specifically asked for. For those types of cookies that are strictly necessary, no consent is required. These cookies are essential in order to enable you to move around the Website and use it features, such as accessing secure areas of the Website. Without these cookies services you have asked for, like shopping baskets or e-billing, cannot be provided.

2. Performance Cookies

These cookies collect information about how you use our websites — for instance, which pages you go to most. This data may be used to help optimize our websites and make them easier for you to navigate. These cookies are also used to let affiliates know if you came to one of our websites from an affiliate and if your visit resulted in the use or purchase of a product or service from us, including details of the product or service purchased. These cookies don’t collect information that identifies you. All information these cookies collect is aggregated and therefore anonymous.

3. Functionality Cookies

These cookies allow our websites to remember choices you make while browsing. For instance, we may store your geographic location in a cookie to ensure that we show you our website localized for your area. We may also remember preferences such as text size, fonts, and other customizable site elements. They may also be used to keep track of what featured products or videos have been viewed to avoid repetition. The information these cookies collect will not personally identify you, and they cannot track your browsing activity on non-BCEGI websites.

4. Third Party Cookies

This website uses a number of supplies who also set cookies on our website on our behalf in order to deliver the services that they are providing. A list of all third party cookies that are used on this Website and what each is used for are YouTube and Fusion Theme.

We use the following cookies on our site:

Type	Cookie Name	Description
Google Analytics Cookies	1P_JAR	These cookies are used to collect information about how visitors use our website. We use the information to compile reports and to help us improve the website. The cookies collect anonymous information, such as the number of visitors to the web, where visitors have come to the website from and pages visited.
	_gat_gtag_
	_ga
	_gid
Google Maps Cookies	APISID	These cookies are used by Google to store user preferences and information of Google maps
	SAPISID
	SSID
YouTube Cookies	PREF	We embed videos from YouTube on our website. These cookies do not identify you personally unless you are logged into Google, in which case it is linked to your Google account. They are used to measure your bandwidth when you watch a video in order to adjust video settings accordingly, or to track and gather information about when you watch YouTube videos on different websites.
	SID
	VISITOR_INFO1_LIVE
	YSC
	LOGIN_INFO
	enabledapps.uploader
	CONSENT

How do you change cookie preferences or block cookies?

We provide multiple choices in respect of the information we process about you. You can choose to opt-out, object to, or restrict our use of your personal information, delete, change or correct your personal information or access your personal information.

You can also change or withdraw your consent from the browsers. For further information to manage cookies on popular browsers please refer to: https://www.aboutcookies.org/how-to-delete-cookies/

If you block cookies on our website, you may be unable to access certain areas of our website and certain functions and pages will not work in the usual way.

Learn more about who we are, how you can contact us and how we process personal data in our Privacy Policy.

Changes to this Cookie Policy

We may update this Policy from time to time. Please regularly check this Policy to ensure you are aware of the most updated version.

This Cookie Policy was last updated on 30 September 2021.

DATA PROTECTION & CYBER SECURITY

STATEMENT OF INTENT

BCEGI is committed to the lawful and appropriate treatment of personal data and considers it critical to maintaining confidence between the business and all its stakeholders. The Company therefore fully endorses and adheres to the Principles of the General Data Protection Regulations in meeting both its statutory and contractual obligations in relation to information and cyber security (ICS). In doing so it will:

• Adopt a risk-based approach to ensure that ICS risks are treated in a consistent and effective manner.
• Protect and prevent information (e.g. confidential or sensitive) from unauthorised uses or disclosures.
• Ensure that ICS is integrated into essential business activities.
• Ensure that ICS delivers value and meets business requirements.
• Prioritise ICS resources to protect the business applications where an ICS incident would have the greatest impact.
• Comply with relevant legal and regulatory requirements to ensure that statutory obligations are met, stakeholder expectations are managed, and civil or criminal penalties are avoided.
• Provide timely and accurate reporting on ICS performance to support business requirements and manage ICS risks.
• Evaluate current and future ICS threats so that informed, timely action to mitigate risks can be taken.
• Promote continuous improvement in ICS to reduce costs, improve efficiency and effectiveness, and promote a culture of continuous improvement.
• Foster a security-positive culture that influences the behaviour of IT consumers to reduce the likelihood of ICS incidents occurring and limit their potential business impact.

RESPONSIBILITIES

Responsibility for this Policy ultimately lies with the BCEGI Lead Director.  Day to day responsibility lies with the IT Manager – supported by the Management Team – who is responsible for the implementation of the Policy Statement and associated arrangements.  This Policy Statement and associated arrangements are mandatory and apply to all employees, agency staff, temporary staff, professional bodies and supply chain partners who use any BCEGI IT services.   Workers are responsible themselves for not committing acts that are unlawful or leave the business open to Information & Cyber Security threats.

ARRANGEMENTS

This Policy Statement and associated arrangements are maintained in the BCEGI Integrated Management System (iMS).  They will be continually reviewed and improved in line with the needs of the business and to ensure ongoing compliance with legislation and best practice. It will be brought to the attention of all new workers during induction and will be available to all workers via the BCEGI iMS.

Compliance with this Policy Statement will be regularly monitored through the BCEGI internal audit programme, regular review of IT and business performance, monitoring of incidents and via the BCEGI Management Review process. Incidents of non-compliance may be treated as misconduct which may warrant dismissal from employment.

AUTHORISATION

Dongwen Yu
Lead Director
1^st Jan 2021