Convivio Cookbook

Data Usage Policy

This policy supports our I.T. Security Policy. The purpose of this policy is to prevent unauthorised disclosure, modification, removal or destruction of information assets, and disruption to our business activities.

The document forms part of our alignment to the ISO 27001 Information Security Management System standard.

Location

This policy is applicable to all staff and contractors using Convivio systems and those of its clients and suppliers.

Responsibility

It is the responsibility of the CEO and COO to accept and implement this policy and to ensure that the security controls are implemented. All staff have a responsibility to comply with this policy. Failure to comply with this policy may affect our information services and could result in disciplinary action.

Purpose

The purpose of this policy is to prevent unauthorised disclosure, modification, removal or destruction of our information assets, and disruption to any of our business activities.

Except when specifically authorised after a risk assessment of the necessary business case, corporate records/data shall not be stored on local computers, mobile devices including laptops, USB memory sticks, PDAs, external hard drives or any other mobile device or media such as smartphones, CDs or DVDs, except for agreed backups.

Security Procedures

No real time data should be used for testing purposes; anonymised information should be used outside of live environments. Unless specifically required by the client and the project, anonymised data should be used for testing in staging and live environments.

All pass-phrases or decryption keys used for encryption/decryption purposes must be sufficiently long and complex to protect the encrypted information from attack. The decryption pass-phrase or key must never be sent with encrypted removable media.

A password manager (1Password) should be used to generate any personal passwords required for hardware and software. Passwords should be at least 8 characters in length, contain alphanumeric and punctuation characters, and be stored within the encrypted password facility.

In all cases where data encryption is used, a full auditable record should be maintained of the media and data involved and its intended purposes including dates of encrypted file creation, transmission and destruction.

Audit spot checks will be conducted by the organisation to ensure this policy is complied with. Any compliance issues will be reported to the line managers concerned and may be handled through staff disciplinary processes or contractual arrangements.

All incidents involving encrypted data must be reported to the Management immediately.

Personal computers, including laptops, tablets and handheld computers: whole disk encryption shall be applied.

Laptop encryption, Mac (default in Lion or later): FileVault 2 uses full disk, XTS-AES 128 encryption to help keep your data secure. Using FileVault 2, you can encrypt the contents of your entire drive.

Phone encryption

iOS

Data protection is available for devices that offer hardware encryption, including iPhone 3GS and later, all iPad models, and iPod touch (3rd generation and later). Data protection enhances the built-in hardware encryption by protecting the hardware encryption keys with your passcode. This provides an additional layer of protection for your email messages, attachments, and third-party applications.

Android

Removable Media

Removable media such as CDs, SD cards, DVDs or ZIP drives MUST be avoided except for approved backup purposes, and then they must be stored securely.

Any requests to do otherwise must be authorised by the management.

Email and Document Management

Google's Gmail and Drive apps must be installed on all machines and used to manage email and documents. These services include a scan for viruses, malware and Trojans and will help us prevent the spread of infection.

Because our end users can be considered the weak link, we use Google products for email (Gmail) and document storage (Google Drive) to take advantage of the automatic virus, spyware and trojan scanning. Although our Macs and iPhones are safe from executable files, we need to prevent the spread of infection.

We use Gmail for all email correspondence. Gmail’s anti-virus scanner alerts you if a virus, spyware or trojan is discovered before sending email and gives you the option not to send. When Gmail finds a virus attached to an email that’s been sent, it rejects the message and prevents you from downloading the attachment. This helps us prevent the spread of infection between ourselves and our clients and partners.

We use Google Drive for document storage, access management and sharing. Google Drive scans a file for viruses before the file is downloaded or shared. If a virus is detected, users can't share the file with others, send the infected file via email, or convert it to a Google Doc, Sheet, or Slide, and they'll receive a warning if they attempt these operations. The owner can download the virus-infected file, but only after acknowledging the risk of doing so.

By installing the applications on our local machines we protect ourselves from infections and prevent the spread of infections to our clients and partners.


Last updated 7 years ago

Android users must use full disk encryption; please refer to Android documentation for more information.