Login

We have two different logins

Icon

ValidateSkills Tests

Login
SFIA Icon

VSAP & ITSA Self-assessments

Login

Our Information Security Policy

Validateskills.com is committed to maintaining a secure, resilient and trustworthy environment for all users.

This Security Policy outlines the measures we take to protect information, support regulatory compliance, and ensure that our digital services remain reliable and secure at all times.

1. Purpose

The purpose of this policy is to define the principles and responsibilities that guide how Validateskills.com protects information assets and manages risks. This includes safeguarding user data, supporting secure access to services, and applying controls that align with recognised cybersecurity frameworks and industry best practice. Modern security policies emphasise clarity, leadership backing and defined expectations, forming the foundation of a robust security programme.

2. Scope

This policy applies to:

All digital products and services provided by Validateskills.com

All data processed, transmitted or stored on our systems

All employees, contractors, clients and partners accessing or using our systems

All devices, applications, networks and hosting environments managed by or on behalf of Validateskills.com

3. Security Principles

We follow widely adopted cybersecurity principles used across leading organisations:

Confidentiality

Information is only accessible to authorised individuals with a legitimate business need.

Integrity

Data is accurate, complete and protected from unauthorised alteration.

Availability

Systems and services remain reliable and accessible when required.

These principles reflect the core building blocks found in effective security frameworks.

4. Roles and Responsibilities

Security requires shared accountability across our organisation:

Leadership provides direction, oversight and governance to ensure security controls remain effective and aligned to business needs.

Employees and contractors must follow all security guidelines, complete any required training, handle information appropriately, and report security concerns promptly.

Technical teams maintain secure configuration, implement controls, monitor systems and support incident response.

Third‑party providers must meet our security expectations, comply with contractual terms and follow safe data‑handling practices.

5. Access Control

We apply strict access controls to ensure that only authorised users can access data or system functions:

Access is granted on a minimum‑privilege, need‑to‑know basis

Authentication measures are used to protect all accounts

Access rights are reviewed regularly

Administrative privileges are restricted to trained personnel and monitored consistently

Access control is one of the most essential components of any effective security policy.

6. Data Classification & Handling

Validateskills.com classifies information to ensure appropriate levels of protection:

Public information – Approved for open release

Internal information – For general internal use

Confidential information – Business or operational information requiring controlled access

Sensitive information – Personal or regulated data requiring the highest safeguards

Classification models are consistent with common industry frameworks and data‑handling policies.

All sensitive or confidential data is encrypted where appropriate, handled securely, and protected from unauthorised disclosure.

7. Acceptable Use

Users of our systems must:

Use systems lawfully, responsibly and in line with organisational guidelines

Protect passwords and authentication credentials

Avoid installing unauthorised software or bypassing security controls

Refrain from any activity that could compromise system integrity

Acceptable Use Policies are considered foundational across all modern security policy suites.

8. System & Network Security

To maintain secure systems, we ensure:

Secure configuration and regular patching of systems and devices

Protection against malware and harmful code

Use of secure development and change‑management practices

Monitoring of network activity to detect anomalies or unauthorised access

These measures are standard within security policy templates published across the industry.

9. Incident Reporting & Response

All users and staff must report suspected security incidents or weaknesses immediately.

Our incident response approach includes:

Logging and assessment of incidents

Rapid containment and remediation actions

Communication to affected stakeholders where appropriate

Post‑incident analysis to strengthen controls

Incident response policies form a core component of effective security management.

10. Third‑Party & Vendor Security

Any third‑party provider handling data or providing services for Validateskills.com must:

Meet our security requirements

Use secure methods to process and store data

Comply with applicable legal and contractual obligations

Vendor risk management is a recognised modern security requirement across policy frameworks. 

11. Compliance & Legal Obligations

We comply with applicable UK data protection laws, digital service requirements and relevant industry legislation.

Policies emphasising legal compliance are a central theme of widely adopted security templates. 

12. Continuous Improvement

Validateskills.com reviews its security practices regularly to:

Adapt to emerging threats

Address new technologies and evolving business needs

Maintain alignment with recognised security frameworks

Annual reviews and updates are recommended as part of modern template guidance.