The Compliance, Governance and Improvement (CGI) team helps protect our data, uphold regulatory standards, and promote best practice across the business. The team is responsible for Compliance, Accreditations, Information Security, and Data Protection, ensuring that we operate to the highest standards of accountability and transparency. CGI runs a company-wide GDPR programme, working with teams across the business to manage and monitor how we process personal data for our internal operations, clients, and third parties. Our data privacy practices are regularly reviewed against GDPR requirements to make sure that everything we do remains compliant, secure, and responsible.

We have held ISO 27001, ISO 14001, and Cyber Essentials accreditations since 2014, demonstrating our long-term commitment to information security, environmental management, and sustainable business practices. These accreditations are supported by regular external audits, ensuring that our controls and processes continue to meet recognised international standards. We also assist with contracts, tenders, and due diligence processes where compliance, security, or data protection evidence is required. In addition, the team supports colleagues by offering clear guidance whenever there is uncertainty. If you receive a request for information, data, or access that you’re not sure about, whether it looks unusual, feels suspicious, or simply isn’t clear, contact the CGI team for advice before taking any action. Together, we help maintain a culture of privacy, security, and trust at every level of the organisation.