1. Purpose

Falkland Islands Spirits Limited (“the Company”) recognises that the confidentiality, integrity, and availability of information are critical to our operations, legal compliance, and the trust of our customers and partners. This policy sets out our approach to protecting all information assets from security threats—internal, external, deliberate, or accidental.

2. Scope

This policy applies to all employees, contractors, and third parties who access, process, or manage information or IT systems belonging to or operated on behalf of the Company, including remote access and cloud services.

3. Policy Statement

The Company is committed to maintaining effective and appropriate information security measures, ensuring:

  • Information is protected against unauthorised access or misuse
  • The integrity and accuracy of data is preserved
  • Information is available to authorised users as needed
  • Full compliance with applicable Isle of Man laws and regulations, including:

– The Isle of Man Data Protection Act 2018

– The Isle of Man GDPR (equivalent to the EU GDPR)

– Any relevant financial and industry standards, such as PCI DSS

4. Payment Data Security

We protect payment data and ensure secure processing through:

  • Requiring TLS 1.2 or higher for all transactions
  • Using end-to-end encryption (E2EE) for cardholder data
  • Never storing sensitive card data unless via a PCI-compliant third-party provider
  • Employing only trusted PCI-DSS-compliant payment gateways
  • Applying secure API integration practices
  • Enforcing Multi-Factor Authentication (MFA) for access to payment systems
  • Limiting payment data access to authorised personnel only
  • Running real-time fraud monitoring systems
  • Maintaining and testing a detailed incident response plan
  • Providing customers with:

– Strong password controls

– Alerts for suspicious activity

 

Logo of Tumbledown Distillery Gin, Artisan Handcrafted Premium