If you have any further questions, please contact your Account Manager or email enquiries@barbour-ehs.com and we’ll be happy to help.

What is Barbour EHS?

Putting simply, Barbour EHS is a website that hosts information and links to downloadable documents.

You can access it via any browser anytime, anywhere, from any device that is connected to the internet.

It is not software, and this means you don’t need to download or install anything to use our services.

Where is Barbour EHS hosted?

The Barbour EHS service’s servers are based in XYZ.

Our marketing website’s servers are based in London.

What cybersecurity arrangements are in place?


Common IT queries

•  Are one or more firewalls been installed on the boundary of the internal network(s)?


•  Has the default administrative password of the boundary firewall(s) been changed?


•  Has the boundary firewall administrative interface been configured so that it only accessible from your own networks?

Yes – managed via console

•  Do desktops and laptops have firewalls enabled?

Yes – managed via group policy

•  Are firewall rules regularly reviewed?

Yes – quarterly reviews

•  Do the firewalls have a default deny policy?


•  Are unnecessary user accounts on company devices removed or disabled?

Yes – part of build process

•  Is there a password policy in place?


•  Are default passwords changed?


•  Are strong passwords defined for all users?

Yes – minimum of 10 characters (of which are a combination of upper/lower/number/special characters)

•  Are administrative accounts or accounts with super-user privileges restricted to authorised individuals?

Yes – system owner approval is required & there is a regular recertification process

•  Are all administrative accounts only used to perform administrative activities, and users trained not to check web or email with them?

Yes – part of user awareness & AUP

•  Is there an account lockout policy?

Yes – 3 attempts

•  Are user accounts removed or disabled when no longer required?

Yes – they are disabled, then deleted

•  Is there a corporate policy on log retention?


•  Are operating system log files retained?

Yes – 3 months online, 2 years offline

•  Is web and mail access logged?

Yes – SIEM Product used

•  Are log files retained for a period of at least three months?

Yes – SIEM Product used

•  Has anti-virus (or other malware protection) software been installed on all applicable computers?


•  Is the anti-virus software kept up-to-date?


•  Does the anti-virus software scan files automatically on access?


•  Does the anti-virus software perform regular scans?


•  Is an offline backup or drive snapshot solution in place to provide protection against ransomware?

In most cases – key systems & platforms

•  Do you apply security patches to all software running on computers and network devices?


•  Has out-of-date or older software been removed from devices?

In most cases – some legacy systems have additional controls and are regularly reviewed through Risk Management Process

•  Are security patches installed within 14 days of release?

In most cases – some systems have strict maintenance windows. The longest period would be 30 days unless the risk outweighs, in which case an emergency change process is followed.

•  Are all smart phones and tablets kept up to date with updates (vendor and application)?

Yes – this is centrally managed

•  Can mobile devices and tablets be remotely wiped and locked?

Yes – this is centrally managed

•  Do you perform regular vulnerability scans?

Yes – security team performs scans (quarterly) and work with technology teams to remediate any findings.

✉ Sign up to the Barbour Newsletter

Free downloads, advance notice of webinars, product updates and perks – all straight to your inbox.

  • Barbour EHS may from time to time send updates about Barbour products and services. By providing your contact information you consent to being contacted for direct marketing purposes by Barbour EHS. Please ensure you review our Privacy Policy.