Security Policy
Where Ctrl-X Digital Ltd have access to data stored online:
- Separate logins for accounts and services will be used to control access.
- Strong passwords will be used.
- Passwords saved in a secure password management system.
- Password are accessible to Ctrl-X Digital Ltd staff.
- Where a there is shared login, passwords should changed on a regular basis.
- No client data will be downloaded or stored except for operational reasons.
- Any downloaded client data will be deleted once the task is complete.
- Work on client sites and accounts will be via a secure network connection.
- All life-expired equipment is securely wiped of all information.
- IT support companies have access to the Ctrl-X Digital Ltd network drives and online systems only to provide technical support.
- Ctrl-X Digital Ltd network drives are housed in a restricted area which is:
- accessible during office hours.
- locked during out of office hours.
- Ctrl-X Digital Ltd staff have access to the network drives and online system.
- Personal data is not stored on removable media.
- Support agreements are in place with the following companies:
- UKWSD
- FreeAgent
- UpTime Robot
Secure Data Transfer and Storage
Data transfer of customer information between Ctrl-X Digital Ltd and the client and vice versa should occur in the following ways:
- By email as a password protected attachment.
- Password to be provided by telephone, SMS or secure single use digital message.
- By telephone to relevant staff with the client’s explicit consent.
- By hand in sealed envelopes and handed over personally to designated users.
On site data will be securely stored:
- As appropriate on network drives and online systems with controlled and password access, and secure encryption in place (if online).
- Personal or sensitive data will not be made available on removable media