Security Policies and Procedures.

Hardware Security Policy

  • Any Apple technology must have ‘Find location’ services enabled.
  • Mobile hardware must have IMEI recorded in at least two locations.
  • Server Admin passwords must be rated as ‘strong’ and have access locked down by approved IP only.
  • Server Root access is locked down by SSH key authentication.
  • Backup drives are secured by password (rated as strong).
  • Dropbox usage on mobile devices must require a passcode to access. Also, require a passcode when switching apps and set to erase data after 10 failed passcode attempts.
  • Computers must be locked or logged off when away from desks.

Documents Security Policy

  • Only print confidential material when absolutely necessary, and dispose of confidential paper waste securely by shredding.

Software Security Policy

  • All records are saved using a dedicated encryption tool (such as 1Password) which has a minimum of 128-bit keys for encryption.
  • Passwords are kept secure by changing them regularly.
  • Help prevent virus attacks by taking care when opening emails and attachments or visiting new websites.
  • Avoid using MS Internet Explorer whenever possible. When using Firefox, activate the ‘set master password’ function. In Safari, passwords are secured via keychain access.

Hardware Loss: Master Escalation Procedure

Category A Hardware

  • Server(s)
  • Personal desktop or laptop computer
  • Local external backup drives

Category B Hardware

  • Smartphones – iPhone / Blackberry / Android
  • iPad / other tablet

Category C Hardware

  • Other mobile phone
  • USB memory stick (no sensitive information)

In the Event of the Loss of Any Piece of Category A Hardware

  • Inform another team member to log in to the master server and change the Admin password. If another team member is not available, contact Coreix support to request this.
  • Change FTP password for all Data-Controlled sites (live and test sites).
  • Change database password inside domain settings and also inside the config.php file (then test the site).
  • Change the password for the offsite backup facility (contact backup support personnel to match the new password).

In the Event of the Loss of Any Piece of Category B Hardware

  • If using an Apple iPhone, launch the ‘Find my iPhone’ application and activate ‘location’ and/or remote wipe facility.
  • Retrieve the IMEI number and contact the mobile company if required.

In the Event of the Loss of Any Piece of Category C Hardware

  • Replace if necessary.

Hardware Disposal

  • In the event of sale or disposal of a piece of Category B or C hardware, the item will be wiped clean of data and restored to factory settings.
  • If a piece of Category A hardware is erased, it must be erased by low-level format (writing at least one complete pass of zeros to the hard drive).

Insurance

  • South° has Business Insurance with Glenham.
  • Public liability insurance: £5,000,000
  • Employers’ liability insurance: £10,000,000
  • Professional indemnity insurance: £500,000 (any one claim)

Asset Documentation

South˚ retains an Asset Documentation list as a local document. We will supply a copy if the terms of the contract require it.

Scroll to Top