
Information Security & Data Protection

Our Commitment to Information Security

Spotlight Investigations recognises that information security and data protection are fundamental to the services we provide. We handle sensitive personal, commercial, and legal information on behalf of insurers, legal professionals, and corporate clients, and we take our responsibilities in this regard seriously.

Information security and data protection are embedded within our governance, operational processes, and service delivery.


Governance & Oversight

Responsibility for information security and data protection rests at senior management level and is supported by formal governance structures.

Spotlight Investigations has an in-house Solicitor who acts as Data Protection Officer and oversees regulatory compliance, data protection obligations, and information governance across all services.

Documented policies and procedures are in place and are reviewed regularly to ensure ongoing compliance with legal and regulatory requirements.

Standards & Regulatory Framework

Our information security and data protection practices align with:

  • ISO 27001 – Information Security Management

  • ISO 9001 – Quality Management

  • General Data Protection Regulation (GDPR)

  • Data Protection Act 2018

  • Private Security Authority (PSA) licensing requirements

These frameworks guide how information is handled, protected, and governed throughout its lifecycle.

Information Security Controls

Spotlight Investigations employs a range of organisational and technical measures designed to protect information against unauthorised access, loss, or misuse.

These measures include, at a high level:

  • Controlled and role-based access to information

  • Secure systems and environments for case management and data storage

  • Encryption of data in transit and at rest

  • Regular review of access rights and system controls

Specific security measures are not publicly disclosed for security reasons.

Incident Management & Risk

We maintain documented procedures for identifying, managing, and responding to information security and data protection incidents.

Where required by law or regulation, incidents are assessed, escalated, and reported in accordance with GDPR and applicable regulatory guidance. Clients are notified where appropriate and required.

Further Information

Further information, including policy documentation and security assurances, can be provided as part of tender, panel, or due-diligence processes.
