Security
There are various aspects to security which you should consider.
Physical data security:
Firstly physical data security. We undertake to protect your physical data. In recent years with more reliable hardware loss of data though hardware failure is rare. Never the less we will backup your data at least once every 24 hours usually between midnight and 5am. This will result in a few minutes loss of service, but the peace of mind is worth the minor inconvenience. Backups are removed from the server building and stored securely so that they are available in the event of disaster recovery being necessary.
Staff mistakes or disaffection:
Most security problems these days are a result of staff mistakes or disaffection. Make sure your staff are aware that:
- All entries to the system are traceable to their logon user ID
- IDs cannot be shared, logging on with the same ID as someone already logged on immediately logs the first person off!
- Passwords should never under normal circumstances be shared with anyone. Doing so means someone else may do things in someone elses name. In exceptional circumstances, such as the absence of a key employee, the password can easily, and should be, changed as soon as practicable
- Only give user priviledges on a needs basis, only grant Admin priviledges to the most trusted employee
- If as administrator you prefer, access may be restricted by IP address, so that for example access to sensitive features is limited to the gateway to your own internal network
Misuse of Data:
We regard your data as strictly private and confidential, and are obliged by the Data Protection Act to take all reasonable precautions to keep it so. Email addresses will not be divulged to any third party or used by us except in direct communications with the administrator in connection with your site. The only exception to the above might be in the event of Law Enforcement agencies or Customs and Excise investigations requiring us under the law to co-operate with their investigation.