In addition to the data categories, we also have different levels of employee or contractor.
Employee role categorisation
This applies to employees or contractors who need to access Controlled data on a constant basis. Their access to Controlled data is ‘subject to requirements’ and as such they only have access to data where they need it. Prior to granting unrestricted access to Controlled data, the following considerations will be carefully evaluated and documented against that person’s HR record.
- Contract – the individual is party to an appropriate agreement (e.g. employment or contractor agreement)
- Role – the role requires this level of access
- Training – the individual has been adequately trained to be granted access
- Solutions – the individual has been granted access to the appropriate environment and tools to ensure the data is safeguarded (e.g. virtual environment, 2FA)
- Review date – to ensure that the individual’s knowledge is up to date
This applies to individuals who need occasional access to Controlled data, e.g. an analyst who is working on a discrete project. They will have full visibility on a subset of personal data and the following checklist items will be performed before access is granted:
- Contract – the individual is party to an appropriate agreement (e.g. employment or contractor agreement)
- Requirement – the access request is reasonable, giving the individual the ability to do the work required without access to information that they don’t need.
- Training – the individual has been briefed on the do’s and don’ts of using the data.
- Solutions – the individual has the technology they need to be able to keep the data safe
- Duration – access is deactivated after the required time period.
These individuals’ roles are not compatible with access to any Controlled data as there is no business need for this to happen.
Our Server Manager does not require access to live PI data but does need access to all servers which means they could be exposed to customer PI (e.g. they manage the encrypted back-ups and they have administrative access to all of our SQL servers and Virtual Servers).
There will always be an appropriate contract between the Server Manager and Purple Seven. Due to the nature of the Server Manager role, it must be assumed that they may be exposed to Customer PI or could potentially gain access to Customer PI, and they will be treated as though they are always permitted access to Controlled data (although access will be restricted in as many areas as is reasonable).
Our Database Engineers have a regular need to access the raw data. This is a rare and privileged position. Quarterly meetings will be held with Data Engineers to identify any potential weaknesses due to process or infrastructure.
Our software developers normally do not require access to Controlled data and certainly they should not have access to this data unless there is a suitable contract in place.
Developers should by default:
- Not have access to our live database server
- Have access to appropriate test data that is not real PI
- Have access to all application servers
- Deploy their database code via the Database Engineer role.
- Not have access to any stored files that could potentially contain PI
- Not have access to the backups.
Developers do require occasional access to live PI data. Prior to any access being given, they will be reminded of their obligations and their use will be evaluated. Access will be granted, and then revoked after the work has been performed.
Analysts can generally do most of their work with Safeguarded data. They will request data from the Data Engineers and a determination as to what data they require will be made. It might be that access is granted to the Analyst in order to create Safeguarded data.
Prior to access, the analyst will be fully briefed on their obligations and the access procedure will be followed.
After the requirement details have been obtained, access will be provided by a named individual, who will revoke access after the work is complete.