Data Protection Information Security Policy

HardSoft is the UK’s #1 computer leasing and Devices as a Service provider. Founded in 1983, our mission is to provide end2end solutions to provide businesses with a simple and flexible answer to their technology and finance needs an Is the One Stop Solution for IT requirements, since 1984. Our mission is to offer expert advice on technology and financing, & provide businesses with the Hardware, Software & IT infrastructure to secure lasting & optimised IT solutions are implemented, kept up to date & maintained in your business

To provide assurance that we are following best practices for information security when providing these services, we have implemented a combination of technical and operational security initiatives, including establishing an information security management system (ISMS) which is certified to ISO27001:2013.   The HardSoft ISMS is operated to achieve the following security objectives:

  • Comply with customers’ information security requirements and operational processes.
  • Minimise our and our customers exposure to cyber security and information security risks.
  • Protect HardSoft and customer information from unauthorised access, modification, or loss.
  • Substantiate our commitment to protecting information by maintaining UKAS Certification to ISO27001.
  • Comply with legal and contractual requirements.
  • Maintain a consistent level of information security protection within the business.
  • Engaging with suppliers with appropriate controls to protect information provided to them.
  • Regularly reviewing and, where necessary improving our information security practices.

All staff and, where appropriate, suppliers are required to comply with the HardSoft ISMS and supporting policies. Noncompliance may lead to disciplinary action or termination of contracts.

Information Security Responsibilities.

  • The Information Security Officer is responsible for the implementation and management of the ISMS, including reporting upon its effectiveness to the co-founders.
  • The Information Security Forum oversees the implementation and management of security controls.
  • Information Asset / Risk Owners are responsible for identifying and classifying their information and addressing risks.
  • Managers at all levels are directly responsible for complying with our information security controls and ensuring adherence by their staff.
  • All staff including temporary workers contractors, and where appropriate, 3rd parties are responsible for complying with our information security policies.

Security Management.

  • Information assets are identified, assessed for risk, and appropriately protected.
  • Risk escalation processes have been implemented.
  • Security policies covering IT systems, personnel security, facilities, supply chain assurance, business continuity and the collection, use, sharing, retention, and disposal of information have been implemented and adhered with.
  • Information security training is available to all staff, including temporary workers and contractors.
  • All actual or suspected breaches of information security are reported to and investigated by the Information Security Officer.
  • Our ISMS and information security controls is regularly assessed to demonstrate compliance.
  • Our Co-founders conduct a review of the ISMS at least annually to determine its effectiveness and drive continual improvement.

For further information on this policy please contact Sophie Hayes (