Data Access Controls
Physical asset security policy
We allot Unique Identification Numbers to the movable and fixed assets in the office.
- Server data access is provided to office devices such as laptops and desktops in the office
- Desktops, printers and telephones will remain on the office premises
- Laptops and mobiles of certain designated staff will go outside the office (this is admin controlled)
Password policy including duration validity, change procedures and password format guidance for users
- All data is saved automatically on the Server in our office
- Data is saved in shared folders in different categories, which have secure passwords
- All staff can access only their related files & folders. They can save and edit, but not delete. Delete access is only for admin.
- All staff use email accounts that have been configured on their office computers, laptops and mobiles by IT. Passwords are not given to them.
- Email on mobiles and laptops is restricted and given only to those approved by Admin.
- All email credentials are controlled by admin.
- Northern’s website does not have provision for Clients to create separate accounts or register using usernames or passwords; therefore, there is currently no policy regulating the same.
Access controls in relation to new employees/users and policy for deactivation of user access permissions
- Work from home option is given only to Top Management.
- Others can work from home only in a crisis situation.
- Our data access policy will be explained to new staff who join the company.
- Newly joined staff have no permission to access server data.
- Access for departing staff will be removed upon their resignation/termination from work, after ensuring that their email and data access have been restricted.
- Once a staff member leaves, their email ID becomes inactive or is forwarded to another colleague for a short period of time, or until such time that the Client account has gradually moved and adapted to dealing with the Advisor who takes over the role of the leaving staff member.
Firewall measures and anti-virus software in use
- Our server and workstation are protected by a firewall and ESET end protection
Remote access and dial-in security systems and procedures in use
- As per company policy, remote access from outside is restricted; only in emergency situations will we allow remote access, and then with limited access.
Data storage policy at both onsite and remote facilities
- All data is stored in a single server located within the office premises in a safe and secure room.
- One staff member is given authority to check the server in case of any emergency situation
- Only Management is allowed to use external storage devices such as USBs, hard drives or any other storage devices.
- Remote access is not facilitated except for Top Management
Data Backup Procedures
Detailed policy on backup procedures including methods, archiving, responsibilities and frequency
Policy on storage of backed up data (location, access and retention periods)
- Backup for server (VSS Backup) happens on a daily basis and is scheduled for 9:00 pm every day.
- Server data is kept for a maximum of 3 calendar years
- In addition, a data backup is taken on an external hard drive (admin controlled) once a month by IT
- Once 2 TB worth of data is saved, the oldest files will be overwritten with new data after permission from Admin
- Once email storage is nearing its full capacity, old emails will be archived by IT