1. Purpose

This policy is a summary of our internal policy. It provides an overview of how Britannia Advisory protects the confidentiality, integrity, and security of the personal and business information we collect, hold, and process. It should be read alongside our Privacy Policy, GDPR Policy, Data Retention Policy, and Data Systems documentation, available on our website. A copy of our full Information Security Policy is available upon request to admin@britanniaadvisory.com.

​

2. About us

Britannia Advisory is the trading name of PG&E Professional Services Ltd (“we”, “us”, or “the Company”). Details about Britannia Advisory can be found here. 

 

3. Responsibility and oversight

We have appointed a Data Protection Officer who is responsible for overseeing compliance with data protection and information security requirements. Any queries relating to this policy or information security should be directed to the Data Protection Officer.

 

4. Scope

This policy applies to all staff, contractors, consultants, and service providers authorised to access Britannia Advisory’s IT systems and data (“Users”).

 

5. Acceptable use and security principles

Users may access Company systems only for authorised business purposes and must:

• comply with all applicable legal, regulatory, and contractual obligations;

• protect confidential and personal information throughout its lifecycle; and

• exercise due skill and care when handling Company data.

Access to inappropriate or unlawful material is prohibited. Systems must not be used for third-party activities.

 

6. Protection of confidential information

Britannia Advisory processes sensitive personal and commercial information, including identification documents, financial data, and business records. All such information must be treated as strictly confidential and safeguarded against unauthorised access, loss, or disclosure.

 

7. Systems, access, and monitoring

Access to Company systems is restricted to authorised Users and protected by appropriate technical and organisational measures, including authentication controls. The Company reserves the right to monitor system usage where necessary to ensure security and compliance with policies.

 

8. Devices and remote working

Users must ensure that devices used for Company business are secure, password-protected, and used in accordance with Company policies. Reasonable measures must be taken to protect information when working remotely or while travelling.

 

9. Incidents and breaches

Any suspected data loss, security incident, or unauthorised access must be reported immediately to the Data Protection Officer so that appropriate action can be taken.

 

10. Policy updates

This policy is reviewed periodically and may be updated from time to time. The most recent version is available on our website.

 

Last updated: 14 January 2026

​

​