Security Policies and Procedures.
Hardware Security Policy
- Any Apple technology must have ‘Find location’ services enabled.
- Mobile hardware must have IMEI recorded in at least two locations.
- Server Admin passwords must be rated as ‘strong’ and have access locked down by approved IP only.
- Server Root access is locked down by SSH key authentication.
- Backup drives are secured by password (rated as strong).
- Dropbox usage on mobile devices must require a passcode to access. A passcode must also be required when switching apps, and data must be set to erase after 10 failed passcode attempts.
- Computers must be locked or logged off when away from desks.
Documents Security Policy
- Only print confidential material when absolutely necessary, and dispose of confidential paper waste securely by shredding.
Software Security Policy
- All records are saved using a dedicated encryption tool (such as 1Password) that uses encryption keys of at least 128 bits.
- Passwords are kept secure by changing them regularly.
- Help prevent virus attacks by taking care when opening emails and attachments or visiting new websites.
- Avoid using MS Internet Explorer whenever possible. When using Firefox, activate the ‘set master password’ function. In Safari, passwords are secured via keychain access.
Hardware Loss: Master Escalation Procedure
Category A Hardware
- Server(s)
- Personal desktop or laptop computer
- Local external backup drives
Category B Hardware
- Smartphones – iPhone / Blackberry / Android
- iPad / other tablet
Category C Hardware
- Other mobile phone
- USB memory stick (no sensitive information)
In the Event of the Loss of Any Piece of Category A Hardware
- Ask another team member to log in to the master server and change the Admin password. If another team member is not available, contact Coreix support to request this.
- Change FTP password for all Data-Controlled sites (live and test sites).
- Change database password inside domain settings and also inside the config.php file (then test the site).
- Change the password for the offsite backup facility (contact backup support personnel to match the new password).
In the Event of the Loss of Any Piece of Category B Hardware
- If using an Apple iPhone, launch the ‘Find my iPhone’ application and activate the ‘location’ and/or remote wipe facility.
- Retrieve the IMEI number and contact the mobile company if required.
In the Event of the Loss of Any Piece of Category C Hardware
- Replace if necessary.
Hardware Disposal
- In the event of sale or disposal of a piece of Category B or C hardware, the item will be wiped clean of data and restored to factory settings.
- If a piece of Category A hardware is erased, it must be erased by low-level format (writing at least one complete pass of zeros to the hard drive).
Insurance
- South° has Business Insurance with Glenham.
- Public liability insurance: £5,000,000
- Employers’ liability insurance: £10,000,000
- Professional indemnity insurance: £500,000 (any one claim)
Asset Documentation
South˚ retains an Asset Documentation list as a local document. We will supply a copy if the terms of the contract require it.