Information Transfer Policy

1. Purpose 

This Information Transfer Policy – External Summary provides a highlevel overview of how Phonovation Limited ensures the secure transfer of information within the organisation and with external parties. It is intended to support customer, partner, and regulatory duediligence activities by outlining the principles and governance applied to informationtransfer practices. 

This document does not disclose internal technical configurations, approved communication tools, specific security settings, or operational procedures. Detailed standards, controls, and evidence are maintained internally as part of Phonovation Limited’s Information Security Management System (ISMS). 

 

2. Scope 

This policy applies to the transfer of information within the scope of Phonovation Limited’s ISMS, including: 

  • Customer and partner information 

  • Personal data processed on behalf of customers 

  • Business, operational, and technical information 

  • Information exchanged with suppliers, partners, and service providers 

It covers electronic and other forms of information transfer involving employees, contractors, and third parties. 

 

3. Information Transfer Principles 

Phonovation Limited applies the following principles to all informationtransfer activities: 

  • Confidentiality: Information is transferred only to authorised recipients. 

  • Integrity: Information is protected against unauthorised alteration during transfer. 

  • Availability: Information is transferred using reliable methods appropriate to business needs. 

  • Least Privilege: Access and transfer permissions are limited to what is necessary. 

  • Accountability: Information transfers are subject to logging, monitoring, and review. 

These principles are aligned with ISO/IEC 27001 and applicable regulatory requirements. 

 

4. Secure Communication and Transfer Methods (HighLevel) 

Phonovation Limited uses controlled communication channels and secure transfer mechanisms appropriate to the sensitivity and classification of the information being exchanged. 

Security measures applied to information transfer may include, as appropriate: 

  • Use of secure communication protocols and encryption 

  • Authentication and accesscontrol mechanisms 

  • Monitoring and logging of informationtransfer activities 

The selection and configuration of specific communication channels and security controls are managed internally based on risk assessments. 

 

5. Information Transfer with External Parties 

Where information is transferred to or received from external parties, Phonovation Limited applies controls designed to ensure that security and dataprotection obligations are maintained. 

This includes: 

  • Defining informationsecurity and confidentiality requirements contractually 

  • Ensuring appropriate dataprocessing and confidentiality agreements are in place where required 

  • Assessing thirdparty risks prior to onboarding and periodically thereafter 

External informationtransfer arrangements are governed in line with Phonovation Limited’s suppliersecurity and thirdpartyrisk management practices. 

 

6. International and Cross – Border Transfers 

Where information is transferred across borders, including the transfer of personal data, Phonovation Limited ensures that such transfers are conducted in accordance with applicable legal and regulatory requirements, including GDPR. 

Appropriate safeguards are applied to support lawful and secure international data transfers. 

 

7. Incident Management Related to Information Transfer 

Suspected or actual security incidents related to information transfer are managed in accordance with Phonovation Limited’s incidentmanagement framework. 

This includes: 

  • Prompt assessment and containment of incidents 

  • Alignment with personaldata breach requirements where applicable 

  • Regulatory and contractual notification where required 

Detailed incidentresponse procedures and notification timelines are maintained internally. 

 

8. Resilience and Continuity 

Informationtransfer capabilities supporting critical services are designed to support operational resilience and business continuity. 

Arrangements are periodically reviewed and tested to ensure that information can be transferred securely and reliably during normal operations and disruptive events 

 

9. Governance and Oversight 

Informationtransfer activities are supported by defined roles and responsibilities within Phonovation Limited. Oversight mechanisms ensure that informationtransfer practices remain effective, compliant, and aligned with organisational and regulatory expectations. 

Informationtransfer risks and improvement opportunities are reviewed as part of broader informationsecurity and riskmanagement activities. 

 

10. Policy review 

This Information Transfer Policy – External Summary is reviewed periodically to ensure it remains appropriate and aligned with: 

  • Changes in business operations or services 

  • Evolving threat, risk, and regulatory landscapes 

  • Informationsecurity and dataprotection best practices 

Detailed internal informationtransfer policies, procedures, and evidence are maintained and made available to authorised parties under appropriate confidentiality arrangements.