Policy: Zero Trust Architecture

Commitment to Security-First System Design
We trust nothing and verify everything. In a world of increasing cyber threats, evolving attack vectors, and distributed architectures, security cannot be assumed - it must be continuously validated. We embrace a Zero Trust Architecture (ZTA) where every request, identity, and system interaction is authenticated, authorised, and monitored, regardless of whether it originates inside or outside our network. By adopting a security-first mindset, we ensure that our systems are protected by default, resilient to threats, and adaptive to evolving risks.

What This Means
Every system, application, and process must be designed with Zero Trust principles from the ground up. Security is never implicit - it must be explicitly enforced at every layer.

Our commitment to Zero Trust Architecture is built on:

  • Identity & Access Verification at Every Stage – We authenticate and authorise every user, device, and system interaction using strong identity management and least-privilege access controls.
  • Continuous Monitoring & Anomaly Detection – We implement real-time security monitoring, threat detection, and behavioural analytics to proactively identify and mitigate risks.
  • Micro-Segmentation & Network Isolation – We design systems with granular segmentation, ensuring that access is restricted to only what is necessary to minimise attack surfaces.
  • Encryption Everywhere – We encrypt data at rest, in transit, and during processing, ensuring confidentiality and integrity across our systems.
  • Automated Security Policies & Adaptive Controls – We enforce dynamic, context-aware security policies that adapt to changing risk conditions in real time.

Why This Matters
Traditional perimeter-based security models are no longer sufficient in an era of cloud, remote work, and sophisticated cyber threats. By implementing Zero Trust principles, we:

  • Eliminate implicit trust and reduce security risks across our organisation.
  • Minimise the blast radius of potential breaches by enforcing least-privilege access.
  • Improve resilience against insider threats, phishing attacks, and compromised credentials.
  • Enable secure, scalable digital transformation by embedding security into every interaction.

Our Expectation
All teams must adopt a Zero Trust mindset, ensuring that security is proactively validated at every level of our technology ecosystem. Leaders must prioritise identity, access management, and continuous monitoring, ensuring that security remains dynamic, adaptive, and aligned with evolving risks.

To support this policy, Zero Trust frameworks, automated security controls, and identity-driven access models will be embedded into our engineering and operational practices, ensuring that security is always enforced without compromising agility. By making Zero Trust Architecture a core principle, we strengthen our security posture, protect our data, and ensure safer, more resilient operations - delivering Better Value Sooner Safer Happier.

This policy establishes Zero Trust as a security standard, ensuring that every access request and system interaction is continuously verified and protected.

Associated Standards
