Data retention policy
Data Retention Policy
1.0 Overview
GoLinks Enterprises has a commitment to protect the assets provided by customers and partners. GoLinks Enterprises is committed to the protection of this data while under contract with customers, and its destruction when GoLinks Enterprises and customers determine it is necessary to terminate the relationship.
2.0 Purpose
GoLinks Enterprises has implemented a data and record retention policy designed such that documents are retained in a uniform format for a specified period of time based on a defined retention schedule.
3.0 Scope
Policies covered under this policy include:
Retains records as necessary for business purposes, including maintaining the continuity and availability of records in the event of a disaster or hardware failure.
Retains records in accordance with applicable local laws.
Retains records relevant to pending or reasonably anticipated legal proceedings, consistent with the company’s legal obligations.
Retains records as necessary for tax purposes.
4.0 Policy
Customer provided data
Data that a customer provides to GoLinks Enterprises includes, but is not limited to, urls and descriptions, database schemas, data content (in database and text files), database backups, images, and user access information.
Data provided by the customer to GoLinks Enterprises will be removed from the GoLinks Enterprises environment and deleted within 30 days of termination of an agreement.
At the end of a customer's contract agreement with GoLinks Enterprises, GoLinks Enterprises will make the customer's metadata available to the customer for up to 30 days.
Revision History
Version
Date
Author
Summary of Changes
1.0
December 2018
GoLinks Policy Team
Original
Data archiving and removal policy
Removable Media Policy
1.0 Overview
Removable media can be classified as any portable device that can be used to store and/or move data. Media devices can come in various shapes and forms, including USB memory sticks, floppy disks, read/write compact disks and DVDs, PDA storage cards, magnetic tapes and cassettes – essentially anything that can be copied, saved, and/or written to which can then be taken away and restored on another computer.
By design, removable media create their own security vulnerabilities – they provide the means to conveniently transport up to several gigabytes of data from one computer or network to another. The most salient vulnerabilities being:
Most forms of removable media require no form of authentication, password protection, or configuration to install or use and they can make use of “plug and play” technologies and generally do not require any administrator privileges to install.
Unauthorized disclosure of sensitive data could occur if an item of removable media fell into the wrong hands.
In addition to their authorized data, users may also inadvertently transport (and therefore introduce) malicious software on to GoLinks Enterprises systems.
The nature and tangible size of removable media is such that they are also prone to accidental loss and/or theft.
2.0 Restrictions for the Management of Removable Media
Only GoLinks Enterprises owned and managed removable media should be used with GoLinks Enterprises systems.
It is not permissible to use GoLinks Enterprises owned media on personal computers or other devices that do not have an official connection to GoLinks Enterprises networks.
High sensitivity data must be protected to 256bit encryption levels when stored on removable media. If it is not possible to achieve this level of encryption, then its storage is prohibited.
Removable media should only be used to transport or store data when other more secure means (internal email or network shares) are not available.
If any item of removable media is no longer required by GoLinks Enterprises, it must be destroyed by approved secure means. This is only to be carried out by the Help Desk.
When transferring data from outside of GoLinks Enterprises, extreme caution must be taken, as the potential impact of a malicious software attack on GoLinks Enterprises systems could be severe.
Any loss or theft of any item of removable media must be reported immediately to the Help Desk so that the level of compromise can be assessed, and necessary efforts can be made for recovery.
3.0 Policy Compliance
Any employee found to have violated this policy may be subject to disciplinary action, up to and including termination of employment.
Revision History
Version
Date
Author
Summary of Changes
1.0
December 2018
GoLinks Policy Team
Original
1.1
December 2019
GoLinks Policy Team
Annual review and updates
Data storage policy
Server Documentation Policy
1.0 Overview
This policy is an internal GoLinks Enterprises policy and defines the requirements for server documentation. This policy defines the level of server documentation required such as configuration information and services that are running. It defines who will have access to read server documentation and who will have access to change it. It also defines who will be notified when changes are made to the servers.
2.0 Purpose
This policy is designed to provide for network stability by ensuring that network documentation is complete and current. This policy should complement disaster management and recovery by ensuring that documentation is available in the event that systems should need to be rebuilt. This policy will help reduce troubleshooting time by ensuring that appropriate personnel are notified when changes are made to any servers.
3.0 Documentation
For every server on a secure network, there is a list of items that must be documented and reviewed on a regular basis to keep a private network secure. This list of information about every server should be created as servers are added to the network and updated regularly.
Server name
Server location
The function or purpose of the server.
Hardware components of the system including the make and model of each system.
List of essential software running on the server including operating system, programs, and services running on the server.
Configuration information about how the server is configured including:
Event logging settings
Configuration of any security lockdown tool or setting
Account settings
Configuration and settings of software running on the server.
Types of data stored on the server.
The sensitivity of data stored on the server.
Data on the server that should be backed up along with its location.
Users or groups with access to data stored on the server.
Administrators on the server with a list of rights of each administrator.
The authentication process and protocols used for authentication for administrators on the server.
Latest patch to operating system.
Disaster recovery plan and location of backup data.
4.0 Access Control
The GoLinks Enterprises Network Administrator and Technical Communications have full read and change access to server documentation for the server or servers they are tasked with administering.
5.0 Change Notification
The network administration staff, application developer staff, and executive management shall be notified when changes are made to servers. Notification shall be through email to designated groups of people.
6.0 Document Review
GoLinks Enterprises Network Administrator ensures that server documentation is kept current by performing a quarterly review of documentation or designating a staff member to perform a review. The Test Track requests within the last quarter should be reviewed to help determine whether any server changes were made. Also any current or completed projects affecting server settings should be reviewed to determine whether there were any server changes made to support the project.
7.0 Storage Locations
GoLinks Enterprises server documentation is kept in electronic form in GDrive and backed up with Google Vault.
Revision History
Version
Date
Author
Summary of Changes
1.0
December 2018
GoLinks Policy Team
Original
1.1
December 2019
GoLinks Policy Team
Annual review and updates
Data center location(s)
United States
Data hosting details
Cloud hosted on AWS
App/service has sub-processors
yes
Guidelines for sub-processors