Meeting our regulatory requirements
We process large amounts of confidential information for our clients and must adhere to all legal requirements regarding data protection and information security. This ensures that we protect and maintain our reputation and that of our clients and their customers.
Data protection and security
Managing our clients’ services responsibly means adhering to all legal requirements regarding data protection and information security.
We have robust policies and procedures to govern data security, and give our employees user guidance and online training. It is mandatory for all Capita employees to complete information security, data protection and fraud awareness training every year. The training is reviewed and updated regularly, and those employees working in sensitive areas receive specific, detailed training on the relevant client processes they are working on.
Our employee vetting policy applies to all employees, including contractors and temporary employees. This is driven by the need to ‘know your employee’ in line with the FSA’s statutory objective.
Policies, procedures and training
Our approach to information security is based on the Capita Group security model (compliant with accepted industry security practice ISO/IEC 17799).

Our policies outline the minimum standards for information security. User guidance is essential to helping employees implement our policies and embed an information security culture. Everyone handling secure information is issued with our Group Information Security policies, which set out clear and practical guidance. Each employee’s responsibilities are set out in the Capita Employee Handbook, which has a section on information security and confidentiality.
We provide a series of simple ‘dos and don’ts’ guides for our employees and provide online training on information security, data protection and fraud that helps employees understand their responsibilities, both inside and outside of work.
The modules are updated and refreshed to keep the content up to date with the latest security threats. Our employees must pass a test at the end of the training to show their understanding. Employees working in more sensitive work areas receive specific, detailed training related to the client processes they are working on.
Each division of Capita has clear incident procedures for identifying, investigating and rectifying any security breaches that do occur. Where necessary, we will work with our client to report any breaches to the Information Commissioner, regulators or the police.