Information and Cyber Security Policy
Last updated: July 2026 (v23.0)
Hybytes Ltd is committed to protecting the confidentiality, integrity and availability of the information we hold — our customers', our partners' and our own. Our security programme is risk-based and aligned to recognised good practice (Cyber Essentials and the principles of ISO/IEC 27001), and includes: least-privilege access control with multi-factor authentication; encryption of data in transit and at rest; separation of production and non-production environments; secure development practice with dependency and vulnerability scanning in CI/CD; automated backups with tested restores; centralised logging, monitoring and alerting; endpoint protection and mobile device management; documented incident response with notification obligations under our DPA; supplier security assessment; and security awareness training for all staff. The policy owner is a company director; the policy is reviewed at least annually. Product-level measures appear in the Swiip Security Overview and DPA Annex II. This statement is a summary of internal policy and does not form part of any contract.