
        © 2025 Radius Limited - 08260702 Eurocard Centre Herald Park, Herald Drive, Crewe, CW1 6EG

        Data Protection Statement – Organisational and Technical Measures

        Radius Limited (“Radius”) is committed to ensuring the security and protection of all personal information that it processes, be that information owned by the organisation, processed on behalf of its customers, or users of its services.  Applying a risk-based approach to data privacy, effective organisational, procedural, and technical controls have been implemented to comply with existing law and data protection principles.

        To ensure this protection, Radius uses the ISO 27001 Information Security Management System (ISMS) framework.  Investing heavily in its IT infrastructure, Radius has held ISO 27001 Certification since 2018, successfully achieving certification to the new 2022 standard in March 2024.  In addition to this, Radius has also held Cyber Essentials Plus certification since 2016.

        The below information provides a detailed breakdown of the controls implemented by the organisation.

        The statement was last reviewed and updated on 24th June 2024 – Version 2.0

        Organisational roles and responsibilities are defined and documented, with an accountable executive owner, ensuring appropriate resource is allocated to align to the Group’s strategic direction.  The ISMS is centrally managed by a dedicated team of Compliance, Internal Audit, Information Security, and Cyber Security professionals.

        Information Security risks are captured as part of a risk management framework based upon the defined scope and criteria of the ISMS.  Internal objectives are set and monitored on a regular basis with senior stakeholders.

        An overarching Information Security policy is in place with an Executive Statement.  Primary policies are mandatory for all staff and a secondary policy set is categorised based on relevance to certain areas of the business e.g., IT Software Development.  All staff can access these on our internal Intranet site and training is provided on an annual basis within our Learning Management System.

        All information is processed through the Group’s Data Classification guidelines, with appropriate controls assigned for Confidential, Private and Public data.  An inventory of assets and systems is in place, with ownership assigned to relevant management. 

        An incident reporting policy and procedure is also in place, with an easy reporting mechanism for staff to report events or incidents.  Incidents are logged and handled by internal Information Security and Cyber teams.  A breach reporting procedure is documented and captured as part of the organisation’s Business Continuity Planning.  Plans are reviewed and tested regularly (at least annually).  Lessons learned are documented and cascaded.

        Security risk assessments are conducted for suppliers based on their interaction with Radius systems and data.  Contracts, agreements, and NDAs are implemented in line with a formal Supplier Management Policy.

        All relevant legislation and regulatory requirements have been identified and reviewed, with ongoing horizon scanning.  A Data Protection Officer has been assigned to ensure compliance with the Data Privacy legislation that Radius operates under in its jurisdictions.  Impact assessments are conducted for any major changes to processing activities to ensure continued compliance.

        All employees are screened in line with risk accepted levels, with additional DBS checks completed for senior staff and those conducting work in Regulated areas.  Responsibilities and terms and conditions for confidentiality are communicated and signed by staff in employee contracts, with ongoing provisions after contract termination.

        A formal starters, movers and leavers process is in place to capture on and offboarding criteria, with disciplinary action clearly stated for employees failing to meet Information Security policies.

        Information Security training is mandatory and provided to all staff on at least an annual basis through the Group’s Learning Management System.  Additional training will be provided following any events, feedback, or changes in legislation.

        Risk assessments are conducted for all Radius sites in line with best practice principles for physical security, with numerous controls implemented such as access control ID cards, CCTV and ANPR cameras and security alarms.  Access to secure areas is provided on an as-needed basis and approved and reviewed by department leads.  Regular clear desk sweeps are completed at office locations.

        3rd party data centres are hosted with strict physical security requirements, with annual assurance completed. 

        Regular maintenance of equipment and utility services is undertaken, and end-of-life equipment is recorded and disposed of in line with WEEE Regulations (or non-UK equivalent) and our Environmental Policy.

        Managed by its internal IT Operations, Cyber and Infrastructure teams, Radius uses leading technology, e.g., NDR and EDR, to identify, monitor and mitigate potential threats within its secure network and server environments, with end-point protection in place across assets.  Cryptographic keys are managed centrally and in accordance with best practices.

        All users are issued standard user accounts comprising a unique ID and password, with least privilege applied.  Elevated privileges and segregation of duties are applied to administrator access.  Access can only be granted using internal service tickets with the relevant approvals.  Multi-factor authentication (MFA) is in use across the Group and single sign-on (SSO) is being increasingly adopted.  Access is routinely reviewed to ensure need-to-know principles are followed.

        Regular capacity management reviews are conducted with automated alerts in place to determine when capacity reaches its limit.  Backups are in place and are regularly tested to ensure they would work in a ‘real life’ situation.  Logs are retained for 12 months.

        Network segregation is implemented across the estate with numerous security mechanisms to detect and prevent access to information systems such as firewalls and DMZs.  Network monitoring through NDR and EDR solutions is also in place.

        3rd party assurance is obtained through regular independent penetration testing, and vulnerability assessments of externally exposed applications are carried out on a regular basis.  Annual certification audits are also performed for ISO 27001 and Cyber Essentials.

        Information Security is embedded within security by design principles for IT Software Development, with Data Protection Impact Assessments (DPIAs) completed for all mandated changes.  Secure Software Development Lifecycle (SDLC) Policies and processes are in place with code reviews completed.  Testing is carried out by an internal testing team.  A Change Enablement/Management procedure is aligned to ITIL v4 principles and a weekly Change Advisory Board meeting takes place to review and approve planned changes.