Given the potential liability and security needs around internal and related 3rd party data, we align with ISO/IEC 27000 standards and have the following policy:
Local documents and data processing
All sensitive data provided from data partners must be stored in a secure container (either IAM-secured cloud service or locally using TrueCrypt or equivalent). The containers can be stored on shared cloud folders or personal machines.
Our data management policy for this is as follows:
1) Once downloaded, all sensitive partner data must be stored in a secure container
2) Temporary copies of the raw data can be made outside the container for the purposes of processing and/or import into our systems
3) Any and all temporary unencrypted copies must be stored on secure local environments (i.e. encrypted drives)
4) Any and all temporary copies must be deleted after use
5) We require that any internal user of the data warrants that they will delete any temporary local copies they make within 7 days of usage.
6) We, the data controllers, may change the password on the primary/master copy of the secure container.
7) Anonymised data should be used where possible in local testing environments (i.e. randomised seeds/etc.)
8) Subsets of data should be used where possible rather than full data sets.
9) Relationship hierarchies should be limited to 1 or 2 deep in development environments
10) No live data should be used in the development environment - only generated or anonymised data
11) Backups are also encrypted by default (i.e. backups are only made of encrypted containers).
Data Access control
The Data Controller holds the passwords for the secure containers and controls their distribution.
Web-based storage and processing
In any online service, we do the following where sensitive or commercially valuable data is involved:
Data storage and access via web-services
1) Encrypt certain key data fields. Purpose: to protect from systems-level attack.
2) Add trojan data into the data set. Purpose: to enable identification of rogue copies.
3) Implement processes and controls that limit the ability to "screen-scrape" or otherwise automate the acquisition of copyright data via web services. Purpose: to limit the ability of data acquisition from 3rd parties to a level of reasonable commercial endeavour.
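The following is an added illustration of point 2 (trojan data for identifying rogue copies); it is not code from this policy or from any system it describes. It seeds a data set with decoy records whose email addresses carry a keyed HMAC tag, so that only the holder of the secret can recognise them, and then scans a suspect copy for those tags. The partner id, secret and sample rows are constructed for the example; in practice the decoy fields would be made to look like ordinary records.

```python
import hashlib
import hmac
import random

# Constructed sample records standing in for a partner data set (not real data).
SAMPLE_ROWS = [
    {"name": "Ada Example", "email": "ada@example.org", "city": "Leeds"},
    {"name": "Ben Example", "email": "ben@example.org", "city": "Bristol"},
    {"name": "Cal Example", "email": "cal@example.org", "city": "Derby"},
]

CANARY_DOMAIN = "example.net"  # constructed domain reserved for decoy addresses
TAG_LEN = 12                   # hex characters of the HMAC tag embedded in each decoy


def _tag(secret: bytes, partner: str, index: int) -> str:
    """Keyed tag tying a decoy to one partner data set.

    Only the holder of the secret can create or verify a tag, so a
    rogue copy cannot be scrubbed of decoys without knowing the key.
    Partner ids must not contain '-' because it is used as a separator.
    """
    msg = f"{partner}:{index}".encode()
    return hmac.new(secret, msg, hashlib.sha256).hexdigest()[:TAG_LEN]


def make_canary(secret: bytes, partner: str, index: int) -> dict:
    """Build a decoy record carrying a verifiable tag in its email address."""
    tag = _tag(secret, partner, index)
    return {
        "name": f"Decoy Example {index}",  # placeholder; a real deployment would use a plausible name
        "email": f"{partner}-{index}-{tag}@{CANARY_DOMAIN}",
        "city": "Norwich",
    }


def seed_canaries(rows, secret: bytes, partner: str, count: int = 3, seed: int = 0):
    """Return a copy of rows with `count` decoys mixed in at deterministic positions."""
    seeded = list(rows) + [make_canary(secret, partner, i) for i in range(count)]
    random.Random(seed).shuffle(seeded)  # fixed seed so results are reproducible in tests
    return seeded


def is_canary(row: dict, secret: bytes):
    """Verify one row's email against the keyed tag; return (partner, index) or None."""
    local, _, domain = row.get("email", "").partition("@")
    if domain != CANARY_DOMAIN:
        return None
    parts = local.split("-")
    if len(parts) != 3 or not parts[1].isdigit():
        return None
    partner, index, tag = parts[0], int(parts[1]), parts[2]
    expected = _tag(secret, partner, index)
    if hmac.compare_digest(expected, tag):
        return partner, index
    return None


def find_canaries(rows, secret: bytes):
    """Scan a suspect copy and list the (partner, index) decoys it contains."""
    return [hit for row in rows if (hit := is_canary(row, secret)) is not None]


if __name__ == "__main__":
    secret = b"constructed-demo-key-not-for-real-use"
    released = seed_canaries(SAMPLE_ROWS, secret, "p7", count=3)
    print("released rows:", len(released))
    print("decoys found in released copy:", sorted(find_canaries(released, secret)))
    print("decoys found in clean sample:", find_canaries(SAMPLE_ROWS, secret))
```

A suspected rogue copy is checked by running find_canaries over it with the same secret: any hit identifies the partner data set (and release batch, via the index) it was copied from, while the clean sample and a scan with the wrong key both return nothing.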
Systems access processes and control
We operate strict access control to services; secure credentials are issued to individuals per data source as required to execute client needs.
In the event of a breach or suspected breach, the Data Controllers and the CEO must be notified at the earliest opportunity.
Some file encryption tools are potentially not as secure when used on SSDs. We do not consider this to be a critical issue; the immediate threat of password loss in the event of loss or theft of a desktop and/or laptop can be mitigated by changing all user passwords well before it is likely that someone could break the encryption. Drive encryption is seen primarily as an effective deterrent against casual data extraction in the event of system loss or theft, not as a totally secure protection mechanism against determined industrial espionage.