In relation to the handling of any personal data required for the delivery of services by Collaborative Change within a project contract, the board of directors guarantees that:
Data is only accessible by named project personnel and is never transferred to a third party other than when written instruction is provided by the client.
Data is stored on a stand-alone Windows 10 desktop PC, protected with Windows and Norton security features. Access is restricted to designated project personnel using Windows user authentication and the application of strong passwords.
Files containing confidential data are transferred securely using the Microsoft OneDrive for Business service. Other services are used if these are preferred by the client, for example Dropbox or a client’s own secure FTP service.
If any confidential data needs to be transferred via email, the files are always password encrypted, with the password preferably sent using a separate medium (phone text), or at least in a separate email if an alternative medium is not available.
Backups of data are stored securely using Microsoft OneDrive for Business cloud storage. In addition to OneDrive encryption, files containing personal data are also individually password protected.
No files containing personal data are stored on any form of removable media such as USB sticks.
All files are deleted 3 months after final completion of the project, or at some time agreed with the client if required. Secure deletion from drives is achieved using Microsoft’s SDelete utility.
Any redundant hard drives are wiped securely using DBAN before disposal.