Encrypted data
Data is protected with encryption at rest and in transit, with encryption keys and access managed through secure vault controls.
Last reviewed: May 2026
Cybersecurity
Systems and operations are designed to protect customer, partner, listener, employee and public data through secure and responsible cybersecurity practices.
Governance & oversight
CCUK treats cybersecurity, data protection and operational resilience as core business responsibilities. We use organisational policies, technical controls, monitoring and regular reviews to support the secure handling of information across our operations.
Security measures include access controls, endpoint protection, staff awareness training and cloud security designed to protect systems and data.
Security and data protection practices are maintained in line with applicable UK legal and regulatory requirements, including GDPR where relevant. Incidents and vulnerabilities are managed through established operational processes, with escalation and notification handled according to the nature and severity of the issue.
Cloud security
Services operate on Microsoft Azure infrastructure using security, monitoring, resilience and access-control measures designed to protect systems and data.
Training
Staff receive cybersecurity awareness training designed to help identify, prevent and respond to evolving security threats.
Review
Cybersecurity and operational risk are periodically reviewed as part of management and business governance processes.
Monitoring
Security operations use monitoring, alerting and investigation tooling designed to support threat detection, incident investigation and access governance.
Cloud application controls provide visibility over risky or unauthorised activity.
Audit and investigation capabilities support compliance, incident response and forensic review.
Identity monitoring helps detect suspicious sign-ins, credential misuse and identity-based attacks.
Threat protection
Email and collaboration controls help defend against phishing, ransomware and malicious content.
Endpoint protection supports device monitoring, threat detection and investigation.
Data protection controls help identify, classify and protect sensitive information.
Identity
Access is limited to authorised users using measures including multifactor authentication, conditional access and privileged access management, with access reviewed on a need-to-know basis.
Report a cyber concern
CCUK encourages the responsible disclosure of security vulnerabilities and suspected security issues identified in good faith.
Reports are reviewed and prioritised according to risk and operational impact, with responses handled appropriately and in a timely manner.