Security Policies and Procedures.

Hardware Security Policy.

  • Any Apple technology must have ‘Find location’ services enabled
  • Mobile hardware must have IMEI recorded in at least two locations
  • Server Admin passwords are rated as ‘strong’ and have access locked down by approved IP only
  • Server Root access is locked down by SSH key authentication
  • Backup drives are secured by password (rated as strong)
  • Dropbox usage on mobile devices must have require passcode to access. Also require passcode when switching apps and set to erase data after 10 failed passcode attempts.
  • Computers are locked / logged off when away from desks

 

Documents Security Policy.

  • Only print confidential material when absolutely necessary, and dispose of confidential paper waste securely by shredding

 

Software Security Policy.

  • All records are saved using a dedicated encryption tool (such as 1password) which has a minimum of 128-bit keys for encryption
  • Passwords are kept secure by changing regularly
  • Help prevent virus attacks by taking care when opening emails and attachments or visiting new websites
  • Avoid using MS Internet Explorer whenever possible. When using Firefox, ‘set master password’ function is activated. In Safari, passwords are secured via keychain access.

 

Hardware loss. Master escalation procedure.

CATEGORY A HARDWARE

  • Server(s)
  • Personal desktop or laptop computer
  • Local external backup drives

 

CATEGORY B HARDWARE

  • Smart phones – iPhone / Blackberry / Android
  • iPad / other tablet

 

CATEGORY C HARDWARE

  • Other mobile phone
  • USB memory stick (no sensitive information)

 

IN THE EVENT OF THE LOSS OF ANY PIECE OF CATEGORY A HARDWARE

  • Inform other team member to login to master server and change Admin password. If other team member not available then contact Coreix support to request
  • Change ftp password for all Data-Controlled sites (live and test sites)
  • Change database password inside domain settings and also inside config.php file (then test site)
  • Change password for offsite backup facility (contact backup support personnel to match new password)

 

IN THE EVENT OF THE LOSS OF ANY PIECE OF CATEGORY B HARDWARE

  • If using Apple iPhone, launch ‘Find my iPhone’ application and activate ‘location’ and/or remote wipe facility.
  • Retrieve IMEI number and contact mobile company if required.

 

IN THE EVENT OF THE LOSS OF ANY PIECE OF CATEGORY C HARDWARE

  • Replace if neccessary.

 

Hardware disposal

  • In the event of sale or disposal of a piece of category B or C hardware, the item will be wiped clean of data and restored to factory settings.
  • If a piece of Category A hardware is erased, it must be erased by low-level format (writing at least one complete pass of zero’s to the hard drive).

 

Insurance

  • South° have Business Insurance with Glenham.
  • Public liability insurance £5,000,000
  • Employers liability insurance £10,000,000
  • Professional indemnity insurance £500,000 (Any one claim)

 

Asset Documentation

South˚ retains an Asset Documentation list as a local document. We will supply a copy if the terms of contract require.

Toggle This