Partner Manager Resource Center

Register Here
Channel Matters Blog > June 2011 > Security and Client Confidentiality Policy

Security and Client Confidentiality Policy

by Global Administrator
Read 4 times
Rate this item

This document applys to all Channel Enablers employees and contractors

 

As you know, under the terms of your agreement with Channel Enablers you are required to protect access to all confidential information that may be in your possession or under your control during your work on Channel Enablers business.

This security and client confidentiality policy is intended to provide further definition of what is expected of you in order to meet these obligations.

Please read this document carefully and indicate your understanding and acceptance by clicking on this link , that will generate an acceptance email to Channel Enablers.

Confidentiality and Exclusivity

Channel Enablers engages with all our clients on the basis of complete confidentiality and discretion.  We protect our client’s sensitive (i.e. confidential, valuable and competitive) information as if it was our own.

Channel Enablers commits not to disclose client confidential information where such information is known to be confidential.  To aid us please ask all our clients to clearly mark all confidential documents appropriately and give clear indication of confidential information when discussed.

While exclusive services covering one industry and/or product category are by special arrangement only, Channel Enablers has adopted as standard practice and number of internal policies to ensure the highest possible levels of ethical discretion and protection of our client’s interests.  These practices can include assigning dedicated staff and contractors to competing clients and the physical security and separation of all client discussions, correspondence, work in progress and documentation.

Channel Enablers reserves the right to name clients in the course of referencing or promoting the business of Channel Enablers, however, before a client or prospect is provided as a reference, permission must be obtained from the customer.

Security

It is far more likely that the security of data and information retained by Channel Enablers is compromised by physical threats (such as fire or theft) than by premeditated electronic activities.

 

It is therefore important that all Channel Enablers staff and contractors maintain a high sense of self-discipline and preventative action in regard to the protection of client and Channel Enablers information and intellectual property and at all times use their best endeavours to protect the data, assets and best interests of Channel Enablers.

 The following precautions are required of all staff and contractors.

Client Documentation and Files

 

  1. “Client related materials” such as but not limited to SOW’s, proposals, any agreement (formal or informal communications made in writing), reports, project status, workshop slides, handouts, notes, hardcopy client communications and clients own files that relate to the business of Channel Enablers and its clients, remain the property of Channel Enablers or its client.
  2. Before the conclusion of a project all statements of work, proposals, letters or emails of offer, records of agreement (including email exchanges), purchase orders, project start sheets, modified or developed intellectual property, client reports, research findings, expense records and reports and  invoice requests must be uploaded to the relevant client folder on the Channel Enablers file store. All electronic documentation should be named and saved according to Channel Enablers document naming conventions.
     
  3. All employees and contractors must use their best endeavours to securely store confidential hard copy documentation; this includes locking filing cabinets if they are left unattended.  Special care should be taken to secure important documentation when travelling. Where possible it is advisable to use ‘computer locks’ ( like the Kensington lock system ) for all Laptops, desktops, and external HDD’s at your home and when traveling and leaving your computer unattended on the home or hotel.  Should your home or hotel room be broken in to, this may prevent your equipment, and Channel Enablers data from being removed.
     
  4. At times ongoing engagements with a client may require reference to prior documentation relating to that client, so copies of “client related materials” may be held by
    assigned consultants, either electronically or in hard copy, for the duration of that additional project.  Under no other circumstances should additional unauthorised copies of client reports or documents be made.
     
  5. Channel Enablers information, documents, and client materials should only be made available to persons deemed authorised by the Directors or Project Directors and covered under a Channel Enablers non-disclosure and/or contractors agreement.

Passwords

  1. Laptops must be secured by passwords and set to automatically lock when left unattended.
  2. Machine access passwords must be changed on a regular basis and should not be re-used.
  3. Passwords must have the following attributes:
  4.   i.    Minimum of 8 characters
      ii.    At least one character in Caps
      iii.    At least one numeric character
      iv.    Where possible one special character ( for example ! @ * etc. )
  5. Passwords must be used on “start up” and “resume” on all accounts on any machine used for Channel Enablers business.

Laptops and PC’s

  1. Laptop computers containing emails, client materials or any Channel Enablers related information are not to be left unattended at any time unless appropriately secured with the required level of password protection active (i.e. the machine is turned off or locked).
     
  2. Always remove or change the details to default administration accounts on the computer.  Never leave the ‘admin’ account active on a computer.  By using a non-default username it improves the overall security in case of a brute force attempt to gain access to the computer.
  3. Only correctly licenced software should be installed in computers or devices used for Channel Enablers work.
     
  4. All computers being used for Channel Enablers business or containing Channel Enablers related information, must have a standard minimum Operating Environment installed of:

    Microsoft Windows
    • Windows XP Pro,  Windows 7 Pro (+) is preferable.
    • Home or Media Centre version of Windows are not acceptable.
    • All Windows machines must be installed with NTFS file system.
    • FAT 16, and FAT32 file systems are not acceptable.

    Other operating systems

    • Mac OS X +
  5. Antivirus software with automatic updates must be installed, enabled and routinely checked to be functioning; all computers should have a full antivirus scan each week
    Note:
    This applies to ALL operating systems.
     
  6. Firewall software must be installed, configured and functioning on all computers. Note: This applies to ALL operating systems.
  7. Channel Enablers working data and client files must be backed up on a weekly basis to appropriate backup devices and these backups stored in a secure location. Any confidential files backed up to an external location or device must be protected by two level authentication (username and password) as per the Password standards listed above.
     
  8. Hardware firewalls are preferred and have been installed in all Channel Enablers office locations.  All laptop and home office desktop users must have a quality software firewall installed and enabled.  The Windows standard firewall is only acceptable when systems are also protected by an appropriate hardware firewall.
  9. Users connecting to office or home wireless networks must ensure networks are secured using an encrypted network key connection of WPA level or greater. 
     
  10. When connecting to a public hotspot such as in hotels, coffee shops etc, where an encrypted network is not available; ensure all appropriate local system firewalls are in place, and that Channel Enablers communication occurs over systems with secondary encryption ONLY  (i.e. Exchange email, POP3 via SSL), VPN, or secure files store.  If you use a POP3 email account and regularly use these connections, please contact Channel Enablers IT for more information on connecting via SSL.
  11.  Any external storage device (External HDD, Memory Key, SD Card etc) that is used to store Channel Enablers data should be physically secured at all times and should be password protected as per the password standard listed above.

    CD/DVD’s cannot be properly secured and should not be used unless their physical security can be guaranteed

Email

Email may contain confidential information or records of offers or agreements, and should be protected in the same way as any other data according to this policy. In addition:
  1. All email sent on Channel Enablers business must use the standard Channel Enablers signature (including disclaimer).
  2. No personal email should be sent using the Channel Enablers email alias.
  3. Personal email accounts and signatures should not be used for Channel Enablers business purposes.
  4. Antivirus software should be set to scan all email communication – both incoming and outgoing.

Smart Phones

All smartphones containing Channel Enablers data, and or connected to Channel Enablers email or remote file store systems must have an automatic time based password lock system installed and active.  Where possible; remote tracking and remote wipe services should be used in case of loss or theft of the device.

If something goes wrong

If your computer or data storage devices ( including memory keys or CD/DVD’s ) are stolen or tampered with in any way by unauthorised parties; you discover system has been hacked; or you discover your system has been infected with a virus/malware - immediately contact the Channel Enablers for more information.

Understanding and Acceptance of this policy

If you have not done so above, please indicate your understanding and acceptance by clicking on this link, that will generate an acceptance email to Channel Enablers.

Last modified on 7/16/2013 10:01:40 AM
Trackback URL: https://channelenablers.com/trackback/f5a826ea-2368-4383-bde2-90c67ed832de/Security-and-Client-Confidentiality-Policy.aspx?culture=en-US

Comments
Blog post currently doesn't have any comments.