Skip to content

Confidential information toolbox


Our policies, standards and other resources

We have more in-depth Group policies, standards and guidance covering different aspects of confidential information. You can find links to them here.

In addition, there may be specific policies and procedures that apply where you work. Your manager can tell you about these. If you are unsure then always ask your manager.

(Please note: some of our resources are only available to Serco employees. In this case, you’ll need to log in to MySerco to access them. If you have problems accessing them, please request a copy from your manager.)

SMS-PS-II Information Integrity
One page statement defining Serco’s commitment to ensuring information produced, meets customer, legislative and regulatory requirements and is accurate, kept up to date, consistent and provided in a timely manner in order to enable effective decision making.

SMS-GS-II1 Information and Data Privacy
Defines minimum standards to ensure that information produced, or any personal data processed, meet customer, legislative and regulatory requirements and is accurate, kept up to date, consistent and provided in a timely manner in order to enable effective decision making.

SMS GSOP-II1-2 Data Retention
Provides a framework to govern management decisions in relation to data, document and record retention. It sets out the broad principles to be applied.

SMS GSOP-II1-3 Data Protection Impact Assessment
Provides a framework for conducting Data Protection Impact Assessments (DPIAs) to help identify data privacy risks in our business activities.

SMS-GSOP-O1-2 Incident and Fraud Reporting and Management
Provides a framework for the reporting of incidents that are likely to impact Serco’s reputation.

SMS-GSOP-S1-3 Data Protection
Provides a framework for retaining various kinds of information.


Information is confidential if it has value to Serco and is not publicly available, or if it involves personal information about individuals. Depending on the nature of our work, we might also obtain confidential information from our colleagues, customers, partners and others. Confidential information can also be disclosed in many forms such as hard copy documents, electronically and even orally.

There are many kinds of confidential information, including:

  • information about finances, business plans or practices

  • marketing plans

  • pricing policies

  • specifications

  • systems

  • relationships

  • costs

  • business strategies

  • information about colleagues, customers, partners or third-parties

  • agreements

  • intellectual property such as technical information, innovations, improvements, know-how and trade-secrets

A non-disclosure agreement is a legally binding contract that means you agree not to disclose confidential information that has been shared with you for the purposes of doing your job. Standard templates are available on MySerco.

If you're a manager

  • Make sure everyone on your team understands the risks associated with any information you handle so that you can properly manage those risks and protect the information.

  • Ensure all records and documentation (including contractual documentation) are held in a safe and secure manner and in accordance with document management and data retention requirements.

  • Liaise with your information security lead for advice and guidance, where required, regarding data and information retention, security, and disclosure.

  • Ensuring any incidents breaches and suspected breaches (in particular those concerning any loss of personal data) are managed in accordance with Incident & Fraud Reporting and Management procedures and reported into Assure within defined timescales and categorised according to Serco Incident Reporting Scale (SIRS).

Raise a concern

Learn more

What happens if we don't follow mycode?

Learn more

Speak Up

Learn more

Discover more...

Personal information

We protect it carefully.

Using our systems and keeping our information safe

Keeping the bad guys from getting in and our information from getting out.

Social media

We think twice before we post or tweet.

External communication

We don’t speak for Serco unless we’re authorised.