Protect project information
Site records, tenders, quotations, contracts, photographs and handover evidence are treated as controlled business information.
Approved company policy
Cyber Security Policy
A practical Veraxus policy for protecting systems, accounts, tender records, site evidence, supplier details and payment communications from cyber risk.
Why it matters: secure digital working helps protect client trust, project continuity, commercially sensitive information and the evidence Veraxus relies on for quotations, works, handover and governance.
01Secure systemsAccounts, devices, email and cloud records are protected with proportionate controls.
02Controlled accessAccess is based on role, business need and least privilege.
03Fraud preventionPayment changes, suspicious requests and unusual emails are verified before action.
04Fast reportingConcerns are raised early so issues can be contained, assessed and recorded.
Policy at a glance
Cyber security, written for real project work.
This page summarises the signed policy in plain language. The controlled PDF remains the formal document for tenders, client assurance and governance evidence.
Reduce email and payment risk
Unexpected links, invoice changes and urgent payment messages are checked before being trusted or acted on.
Control devices and accounts
Passwords, MFA where available, updates, device security and approved systems support safer day-to-day working.
Recover and improve
Backups, reporting, incident records and lessons learned help maintain continuity and strengthen future controls.
What this means in practice
Built into how Veraxus handles information.
The policy is not just a document for a website. It supports controlled communication and safer handling of the records that move through construction and refurbishment work.
Project records
Controlled evidence from first enquiry to handover.
Drawings, quotations, RAMS-related records, photographs, snagging notes and handover documents are managed as business records, not casual files.
- Use approved storage and sharing routes where practical.
- Share only what the recipient needs for the relevant project purpose.
- Keep project evidence clear, relevant and professionally controlled.
Email and finance
Pause, verify, then proceed.
Construction work often relies on quick instructions, quotations and payment communication. The policy makes verification part of responsible delivery.
- Check unexpected attachments, links and changes to bank details.
- Verify sensitive or payment-related changes through trusted routes.
- Report suspicious emails early rather than trying to resolve them alone.
Continuity
Records should be recoverable when work depends on them.
Backups, controlled accounts and reporting routes help reduce downtime from accidental deletion, device loss, malware or ransomware.
- Important business records should not live only on one device.
- Critical accounts and storage should be protected with strong access controls.
- Incidents are recorded so the business can correct and improve.
Delivery journey
Where cyber controls show up.
Veraxus handles cyber security through practical decisions at each stage of work: what is collected, who receives it, where it is stored, how it is verified and how concerns are reported.
Tender and quotation stage
Client details, site information, prices, assumptions and supporting evidence are kept controlled and shared only for the relevant purpose.
Mobilisation and supplier coordination
Supplier contacts, subcontractor information, RAMS records and access details are handled through approved communication routes.
Live project delivery
Site photographs, messages, instructions, snagging records and quality evidence are retained carefully and not treated as informal public material.
Payment and commercial administration
Invoice changes, bank details, urgent payment requests and unexpected instructions are verified to reduce business email compromise risk.
Review, handover and improvement
Records are backed up, retained where required, disposed of when appropriate and used to improve future controls.
Key commitments
Clear standards without exaggerated claims.
These commitments reflect the approved policy and are framed carefully: proportionate controls, recognised good practice alignment, and improvement as the business grows.
Access is limited by need.
Company records and systems should only be accessed by people with a legitimate role or business reason.
Passwords and MFA are used sensibly.
Strong, unique passwords and multi-factor authentication are used where available, especially for email, cloud and finance-related systems.
Devices stay protected.
Updates, screen locks, anti-malware controls and careful physical handling help reduce avoidable risk.
Suspicious emails are challenged.
Unexpected links, attachments and payment changes should be verified before action.
Backups support continuity.
Important records should be recoverable and not dependent on one device or uncontrolled account.
Incidents are reported early.
Lost devices, suspected phishing, malware warnings, misdirected emails and data concerns are raised promptly so they can be contained and recorded.
Third parties are handled with care.
Suppliers, subcontractors, consultants and advisers should use relevant information responsibly and only for proper project or business purposes.
Document details
Controlled policy status.
The official signed PDF is the formal Veraxus reference for client assurance, tender uploads, governance evidence and adviser review.
Document title
Cyber Security Policy
Company
Veraxus Ltd
Status
Approved and signed electronically
Approval date
08 May 2026
Next review
08 May 2027, or earlier if required
Document owner
Director
Download status
Available as controlled PDF
Responsible delivery note
Care, control and communication.
For Veraxus, cyber security is part of the same professional discipline expected in safe site work, quality records and client communication. It supports careful handling of information, respectful treatment of people’s data and continuous improvement as systems, clients and project requirements develop.
Care
handle information responsibly
handle information responsibly
Control
limit access and sharing
limit access and sharing
Communication
verify before acting
verify before acting
Accountability
report and record issues
report and record issues
Quality
keep evidence reliable
keep evidence reliable
Improvement
review after change
review after change
Download the controlled policy PDF.
This website page is a plain-language presentation summary. For tenders, client review, portals or formal governance evidence, use the signed official PDF.
Reference / guidance alignment: This policy is aligned with relevant UK legal duties, ICO guidance on security and personal data breach handling, NCSC small-organisation cyber security guidance, and recognised good-practice themes such as access control, secure devices, phishing awareness, backup, recovery and incident reporting. No certification is claimed by this website summary.