In order to minimise risks, the number of copies of data held is minimised, commensurate with protection against data loss. In this case, this means that no portable device is ever used as a data repository. All data relating to customers, prospects and enquirers is held on one of the dedicated web servers in the Names Co data centre. For day to day use, this is accessed via a single account that does not have root privileges. Only one person has the login credentials for this account. Only one person has login credentials for the root account on any of our servers.
Our database is held on servers used are all protected by firewalls, and all security patches or updates are applied as soon as they become available by the one person responsible for security.
Data Theft Through Hacking
All personally identifiable data is held on a dedicated web server located in the UK and maintained by Names Co. This is protected by a firewall which is updated regularly.
Access to the database that holds such data is also restricted by a separate login with different credentials to the root user, connection being made via https web pages. See General Considerations for the policy regarding password generation, which is applied to all systems used by John Bush of John Michael Driving school, both on line and internally.
For disaster recovery purposes, the contents of the web server are backed up to a NAS unit in the main office. The backup is a snapshot of only the latest data and only the most recent backup file is retained in between weekly backup sessions, so that no obsolete data can be accessed or restored once removed from the main database (allowing a week of latency added to our regular data review cycle, as laid out in our Data Retention Term document).
Data access for employees is granted at a level where they can carry out the necessary procedures for their work through https web pages. These pages do not allow download of the database contents and nobody other than the responsible person has access to the database as root user.
Data Theft Through Equipment Loss
To prevent loss of data with equipment, no unlocked device that is used outside the office carries any sensitive data relating to the business or to the people that it deals with.
Damaged and End of Life Equipment
In the event of damage to equipment rendering it no longer serviceable, the hard drive will be removed and physically destroyed before disposal of the remaining hardware.
Where equipment has reached the end of its service life and is to be sold as used, the internal hard drive will either be replaced or completely erased and the OS replaced before sale.