Security Policies and Procedures.
Hardware Security Policy.
- Any Apple technology must have ‘Find location’ services enabled
- Mobile hardware must have IMEI recorded in at least two locations
- Server Admin passwords are rated as ‘strong’ and have access locked down by approved IP only
- Server Root access is locked down by SSH key authentication
- Backup drives are secured by password (rated as strong)
- Dropbox usage on mobile devices must have require passcode to access. Also require passcode when switching apps and set to erase data after 10 failed passcode attempts.
- Computers are locked / logged off when away from desks
Documents Security Policy.
- Only print confidential material when absolutely necessary, and dispose of confidential paper waste securely by shredding
Software Security Policy.
- All records are saved using a dedicated encryption tool (such as 1password) which has a minimum of 128-bit keys for encryption
- Passwords are kept secure by changing regularly
- Help prevent virus attacks by taking care when opening emails and attachments or visiting new websites
- Avoid using MS Internet Explorer whenever possible. When using Firefox, ‘set master password’ function is activated. In Safari, passwords are secured via keychain access.
Hardware loss. Master escalation procedure.
CATEGORY A HARDWARE
- Server(s)
- Personal desktop or laptop computer
- Local external backup drives
CATEGORY B HARDWARE
- Smart phones – iPhone / Blackberry / Android
- iPad / other tablet
CATEGORY C HARDWARE
- Other mobile phone
- USB memory stick (no sensitive information)
IN THE EVENT OF THE LOSS OF ANY PIECE OF CATEGORY A HARDWARE
- Inform other team member to login to master server and change Admin password. If other team member not available then contact Coreix support to request
- Change ftp password for all Data-Controlled sites (live and test sites)
- Change database password inside domain settings and also inside config.php file (then test site)
- Change password for offsite backup facility (contact backup support personnel to match new password)
IN THE EVENT OF THE LOSS OF ANY PIECE OF CATEGORY B HARDWARE
- If using Apple iPhone, launch ‘Find my iPhone’ application and activate ‘location’ and/or remote wipe facility.
- Retrieve IMEI number and contact mobile company if required.
IN THE EVENT OF THE LOSS OF ANY PIECE OF CATEGORY C HARDWARE
- Replace if neccessary.
Hardware disposal
- In the event of sale or disposal of a piece of category B or C hardware, the item will be wiped clean of data and restored to factory settings.
- If a piece of Category A hardware is erased, it must be erased by low-level format (writing at least one complete pass of zero’s to the hard drive).
Insurance
- South° have Business Insurance with Glenham.
- Public liability insurance £5,000,000
- Employers liability insurance £10,000,000
- Professional indemnity insurance £500,000 (Any one claim)
Asset Documentation
South˚ retains an Asset Documentation list as a local document. We will supply a copy if the terms of contract require.