TECHNICAL AND ORGANIZATIONAL MEASURES
PROTECTIVE MEASURES FOR PHYSICAL ACCESS CONTROL
All production servers are hosted on AWS cloud hosting infrastructure (Amazon Web Services). No employee has access to this infrastructure.
PROTECTIVE MEASURES FOR SYSTEM AND DATA ACCESS CONTROL
Data protection and privacy for employees
Most of the data produced by employees is stored in the cloud. Other secured areas for eMoteev data are local servers on site. Finally, files can also be stored on employees’ local computers.
The cloud specifications also ensure that the data is transmitted through the HTTPS protocol. The same applies to email access, which can only be retrieved through secured access.
The cloud environment is particularly advantageous, especially with regard to storage redundancy. The automated versioning of files also provides data security in the event that an unexpected edit is made and a previous version of a document must be restored.
Local server data can only be accessed through a wired connection.
Access rights are implemented to ensure that documents are made available only to the appropriate people / teams for all the above technologies.
Cloud storage helps ensure that files are replicated and that eMoteev will not suffer any data loss.
Local storage on local computers is currently not subject to any backup policy. Therefore, it is the employee’s responsibility to rely on one of the two above solutions to secure his/her work.
Local copies of sensitive files
If an employee is in a situation where he or she should copy files to his or her local system, he or she is encouraged to use disk encryption technology like FileVault on Mac OS X or BitLocker on Windows 10. Employees may ask office management for help with configuring this option.
In case of loss or theft of a laptop, the activation of this option will prevent the disclosure of sensitive data that may be stored locally.
In the context of a tech-oriented company, users are made local administrators of their workstation so that they can install necessary tooling and software on demand. The anti-virus agent running on each computer and in the email software makes sure that attachments and executables are not Trojan horses or viruses.
A secure login/password is required to log in.
Resources on the local networks are strictly limited to the domain group employees belong to.
To avoid unintended access to their workstation while they are away, employees have to lock their session as soon as they leave their desk (shortcut: Windows+L on Windows, CTRL+SHIFT+Power on MacBook). A password-protected screensaver will be pre-configured on their workstation.
Employees are strongly encouraged to update workstations as the OS vendor (Microsoft, Apple) publishes security fixes for known vulnerabilities. The System Administrator performs frequent machine scans to verify that the update policy is applied.
Professional smartphones should have the auto-lock policy activated with a relatively complex code so as to avoid data leakage / identity spoofing.
In the situation where a professional smartphone is lost or stolen, the concerned employee must contact the System Administrator as soon as possible so that the device can be locked, and e-mail and application passwords reset.
Virtual Private Network (VPN)
The development team has the ability to access data center resources through a secured VPN tunnel. The tunnel is secured with a dedicated login/password.
Wireless Internet is available in the office. It is completely separated from the production network. It is generally good practice to connect to the Internet via one source at a time, either wireless or Ethernet. It is preferable to use the Ethernet connection when available. Every employee gets his or her own wireless password or can connect to the wireless network via our LDAP directory, which simplifies password management.
The office also provides a public wireless access reserved for visitors.
Access to the office
Employees can access the building from 9:00 am until 8:00 pm. Outside of these hours, access is granted only to those with a personal badge. After 8:00 pm and before 9:00 am, the doors are locked.
Employees should access/leave the office only during business hours (9:00 am to 8:00 pm). No one is allowed to enter/stay in the office at night or over the weekend.
The list of people holding a badge is available at the System Administrator desk. The assignment of badges to newcomers is part of the integration process that will be initiated by managers upon the employee's arrival.