Cybersecurity Policy

Staying compliant is essential for avoiding penalties, protecting reputation, and maintaining customer trust. Millgate helps you develop cybersecurity policies that align with the industry frameworks and legal requirements relevant to your sector, such as:

• Cyber Essentials & Cyber Essentials Plus
• ISO 27001
• GDPR / UK GDPR
• NIS2 (where applicable)
• PCI‑DSS for payment environments
• Sector‑specific regulations (education, healthcare, finance etc.)

A strong cybersecurity policy doesn’t just outline how to prevent incidents, it defines what happens when they occur. Millgate creates incident response policies that give your teams a clear, structured plan to follow during a cyber event.

Your policy will define:

• How incidents are classified and prioritised
• Who must be notified and when
• Roles and responsibilities during an incident
• Containment procedures
• Communication and escalation paths
• Forensic evidence handling
• Post‑incident reporting and lessons learned

Today’s workforce expects to use personal devices for email, collaboration, and remote access, but without a clear policy, BYOD environments introduce significant security risk.

Millgate designs BYOD policies that protect both the business and the user, covering:

• Device eligibility and requirements
• Mobile device management (MDM) controls
• Encryption, passcode and security baseline expectations
• Access restrictions for personal devices
• Data separation rules (work vs personal)
• Acceptable use guidance
• Remote wipe procedures
• User privacy considerations

We structure BYOD policies to balance security, usability, and employee trust, ensuring your organisation stays protected without making personal device use complicated.