Access Control Policy

Access to potentially sensitive information should be controlled based on the type of the data as follows:

Client Data

Examples: Twitter data, with client tagging & notes.

Access for: Only those staff who need access as part of serving the client.

Control: By Good-Loop login and the client-specific workspace membership.

Acceptable use: Client data must be treated as confidential and may only be looked at as part of serving that client's needs.

Development Data

Examples: Source code.

Access for: Development staff.

Control: By ssh key with git repository access settings.

Acceptable use: Development data is for use in developing the product.

Sales Data

Examples: Sales pipeline, prospect contact details.

Access for: Sales staff and senior management.

Control: By Salesforce login and Dropbox folder permissions.

Acceptable use: Sales data is to be used for promoting Good-Loop.

Account Manager Data

Examples: Client contact and organisation notes, log of issues.

Access for: Account managers.

Control: By Dropbox folder permissions.

Acceptable use: Account manager data is to be used for serving specific Good-Loop clients.

HR Data

Examples: CV, annual review report.

Access for: Admin staff.

Control: By Dropbox folder permissions.

Acceptable use: HR data is confidential and is to be used internally for managing staff.

Sensitive Business Data

Examples: Commercial strategy documents, financial forecasts.

Access for: Senior management.

Control: By Dropbox folder permissions, and ssh key with git repository access settings.

Acceptable use: Internally.

Use and disposal of media

Removable and printed media should be used only when necessary, and the data should be deleted as soon as possible. An additional reason for avoiding printed media is to reduce environmental waste.

All media should be securely disposed of, either by physical destruction (for CDs and paper records) or by secure scrubbing (for hard drives and flash drives).