GDPR Policies
£400 (approx. $497)
- Proposals: 5
- Remote
- #2011497
- OPPORTUNITY
- PRE-FUNDED
- Awarded
Description
Experience Level: Expert
The approach we are taking is to break down our policies into a number of areas.
1, use of Salesforce and management of administrative information
Our central administrative system for all client data including administrative passwords is Salesforce.
All engineers have access to this data
All engineering staff sign a confidentiality clause in their contract about the use of this data and the use of this data once employment is terminated.
We employ a 2 step verification process for access to Salesforce
Associate Salesforce GDPR policy with our own.
All password breaches will be reported to the affected organisation within 24 hours of the breach
Controls for adding, deleting and editing user accounts: permissions policy implemented/to be implemented with all clients (starters/leavers/permission change form); an audit log is created automatically within Salesforce.
What we are looking for -
Is a policy for administrative access to client systems.
We incorporate all of the above but this needs to be developed into a Policy.
We have various other controls, for example deleting all site information within 48 hours of a client departing. Not storing individual passwords (e.g. We reset the password to work on the machine rather than asking for their passwords)
We have also sent each client a list of all contact information asking them to verify it's accurate and, where mobile numbers are held, that we have authorisation from the user to have this number.
2, Cloud services
Office 365 – provide Microsoft policy to all clients that use the service, together with above administration policy
G Suite – provide Google policy to all clients that use the service alongside the above administration policy.
1st Cloud – we need to create something similar to the G Suite/Office 365 policy, accompanied by the above policy around administration of systems.
We are working through the process of Cyber Essentials for our Cloud
We need to incorporate a section on access to data centres and the clearance process.
We need to request a security statement from Volta for access to the data centre.
Is there a statement for the Cisco firewall, or does it fall under Cyber Essentials?
What we are looking for.
We have our own cloud servers and provide a hosted desktop service for our clients.
This system is hosted in a secure data centre with extensive security restrictions in place (documentation will be provided).
The physical security devices (e.g. firewalls, switches) are enterprise-grade devices managed and secured by Cisco certified professionals. We are currently undergoing a Cyber Essentials audit for this cloud system.
Administrative access and controls are covered by the above policy.
We are looking to adopt a similar policy to MS 365 & G Suite with this service, i.e. all reasonable care has been taken to secure the systems without restricting functionality. However, compliance of the data itself falls under the responsibility of the owner of the data, i.e. the customer.
We also need to add a point about reporting of breaches. We have a responsibility to report to the customer within 24 hours of there being a breach of data. They have a responsibility to report this to the authority as the data belongs to them.
3, management of user information we hold for clients
I would like the team in India to create a report for each active client with a list of contacts and details held.
We need to ask clients to confirm the details and to verify they have permission from staff to share mobile numbers where personal.
I don’t think we need to complete anything further.
We need to prepare a statement as an addendum to contract which states we will delete all client data within 48 hours (7 days possible) of the final day of support from a customer after termination of agreement.
We have conducted a review of what data we hold about individuals.
The only data we hold is mobile numbers for contact purposes.
We have exported contact lists for each client and sent them a list of all information to verify that express permission is given for us to have the mobile number.
What we are looking for
We would like the wording for us to state that all client data will be deleted within 7 days of a client terminating services.
What we are looking for
We are looking for a general policy statement to say the supplier has undergone extensive review and policies and procedures have been put in place to ensure we are compliant.
Vishma R.
100% (7)
Projects Completed: 7
Freelancers worked with: 7
Projects awarded: 80%
Last project: 11 Mar 2019
United Kingdom
Clarification Board
The 2 items at the bottom of this description - what we are looking for - are these the 2 areas/policy requirements that you need prepared? The data mapping / audit and systems are already in place for compliance on 25.05.18?
Thank you
Vishma R., 17 May 2018: Correct, we are looking for the policies to be written; the systems have already been prepared for compliance.