Information Security

Owner: ALL Last revision: 04.01.2020

Objective#

To prevent unauthorized access to, loss of, damage to, or compromise to information assets, and interruption to the business activities of Further Digital Solutions (C4WEB STUDIO SRL) and its customers.

Policy Requirements#

• Information belonging to Further and its customers should be stored in the cloud whenever possible. Only keep local copies of information when it is absolutely necessary. Immediately dispose of copy when it becomes no longer necessary to keep a local copy.
• Project files (brief, design document, tasks, etc.) shall be stored in our project management tool (productive.io) and only be accessed by the team actively working on the project. If a team member is no longer working actively on the project for over 6 months, their access shall be revoked. If a team member leaves the company, their access shall be immediately revoked.
• Project source code shall be stored in our code versioning system (bitbucket.org) and can only be accessed by the team actively working on the project. If a team member is no longer working actively on the project for over 6 months, their access shall be revoked. If a team member leaves the company, their access shall be immediately revoked.
• Project files on the server (database, uploaded media, server configs) can only be accessed the project lead developer and DevOps team. If a team member is no longer working actively on the project for over 6 months, their access shall be revoked. If a team member leaves the company, their access shall be immediately revoked.
• All other non-project files and information shall be stored on Google Drive and only be accessed by authorized team members. If a team member leaves the company, their access shall be immediately revoked.
• Emails are shall be exclusively run through G Suite. If a desktop/mobile email client is used to access emails, the IMAP protocol shall be used to preserve cloud copies.