10 golden Housekeeping rules for data security
We take our responsibilities for data security extremely seriously and are constantly working to make sure all our Customers and users have the right technical tools to keep personal data safe as laid down by GDPR legislation.
Please read these 10 housekeeping rules and then:
- share with your colleagues
- incorporate into staff training
- make field workers aware
- regularly review how you are applying them to your pro-Forms® usage
| # | Rule | What to do |
|---|------|------------|
| 1 | Archive user accounts. | All accounts no longer required (both browser-based Work Group and mobile app) should be archived to prevent a login to the system and therefore access to personal data. |
| 2 | Encrypt applicable personal data fields on the forms. | Choose and set fields on the data collection forms to be encrypted. Field-level encryption stores data in an encrypted format within the system database. These fields are only decrypted on ‘View Submissions’ and when data is sent out of the system via a trigger method or Custom Report. |
| 3 | Set user access permissions. | Set permissions of browser-based Work Group users to determine read-only or read/edit access for different areas of the system. |
| 4 | Delete data within 24 hours of transfer out of pro-Forms®. | Once submitted form data has been transferred out of pro-Forms® by either email or to an in-house/cloud storage system, it should be permanently deleted from the system by a manual operation on the ‘View Submissions’ screen. A target of 24 hours after outward transfer is a reasonable time scale. |
| 5 | Password protect Word layout templates used in triggers. | If a Client wishes to receive a copy of a completed form in either Word or PDF format, these should ideally be password protected via the ‘Layouts’ option in the system before a trigger runs. |
| 6 | Set up 2FA for all browser-based Work Group user accounts. | All Work Group users have the option to enable two-factor authentication (2FA) on their account for logging in to the system. This has to be done by each individual user and offers a choice of receiving an emailed login code or using the Google Authenticator app. It should be set up on every user account. |
| 7 | Use the password strength configurator for all user accounts. | From the ‘Account Settings’ menu option in the Work Group, a password strength requirement can be set to: Not set, Weak, Medium, Strong or Very Strong. This setting then applies to all NEW passwords set against user accounts. |
| 8 | Ensure field workers only use the latest app versions. | App versions, device types and system logins can be checked from the ‘Reports’ – ‘View user logins’ report in the Admin menu option of the Work Group. |
| 9 | Sign out of the app when not required. | All field workers should close the app (so that a new login with a username and password is required) when not actively using the system, to help protect against exposing personal data. |
| 10 | Set GDPR preferences to auto-delete collected data. | The system default for data retention is 2 years. Unless there are legal or operational reasons to retain personal data within the pro-Forms® system, you should reduce this significantly, to a matter of days, to help limit the number of locations where the data you have collected is stored. |
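Rules 1, 4 and 10 are the ones most easily missed day to day, because each depends on someone remembering to act. The script below is an added example, not pro-Forms® code and not its export format: it audits a constructed list of user and submission records (the field names, the 90-day stale-account threshold and the 7-day retention setting are all assumptions) and reports accounts that should be archived, submissions transferred out more than 24 hours ago and still present, and submissions older than the chosen retention period.

```python
from datetime import datetime, timedelta, timezone

# Constructed reference time and sample records. The record layout is an
# assumption for this example and is NOT the pro-Forms export format.
NOW = datetime(2024, 6, 10, 9, 0, tzinfo=timezone.utc)

USERS = [
    {"username": "alice", "last_login": NOW - timedelta(days=5),   "archived": False},
    {"username": "bob",   "last_login": NOW - timedelta(days=120), "archived": False},
    {"username": "carol", "last_login": NOW - timedelta(days=200), "archived": True},
]

SUBMISSIONS = [
    # transferred_at: when a trigger/email sent the data out (None if not yet)
    {"id": "S-1001", "submitted_at": NOW - timedelta(days=2),
     "transferred_at": NOW - timedelta(hours=30), "deleted": False},
    {"id": "S-1002", "submitted_at": NOW - timedelta(days=1),
     "transferred_at": NOW - timedelta(hours=6),  "deleted": False},
    {"id": "S-1003", "submitted_at": NOW - timedelta(days=10),
     "transferred_at": NOW - timedelta(days=3),   "deleted": True},
    {"id": "S-1004", "submitted_at": NOW - timedelta(days=20),
     "transferred_at": None,                      "deleted": False},
]

# Rule 4 target from the page; the other two thresholds are assumptions.
TRANSFER_DELETE_TARGET = timedelta(hours=24)
STALE_ACCOUNT_AFTER = timedelta(days=90)
RETENTION_SETTING = timedelta(days=7)


def stale_accounts(users, now=NOW, after=STALE_ACCOUNT_AFTER):
    """Rule 1: active accounts with no login for longer than `after`."""
    return sorted(u["username"] for u in users
                  if not u["archived"] and now - u["last_login"] > after)


def overdue_deletions(submissions, now=NOW, target=TRANSFER_DELETE_TARGET):
    """Rule 4: transferred out more than `target` ago but not yet deleted."""
    return sorted(s["id"] for s in submissions
                  if s["transferred_at"] is not None
                  and not s["deleted"]
                  and now - s["transferred_at"] > target)


def beyond_retention(submissions, now=NOW, retention=RETENTION_SETTING):
    """Rule 10: still present although older than the retention setting."""
    return sorted(s["id"] for s in submissions
                  if not s["deleted"] and now - s["submitted_at"] > retention)


def housekeeping_report(users=USERS, submissions=SUBMISSIONS, now=NOW):
    """Run all three checks and return the findings as one dict."""
    return {
        "archive_accounts": stale_accounts(users, now),
        "delete_after_transfer": overdue_deletions(submissions, now),
        "beyond_retention": beyond_retention(submissions, now),
    }


if __name__ == "__main__":
    for check, items in housekeeping_report().items():
        print(f"{check}: {', '.join(items) if items else 'nothing to do'}")
```

Run it on a weekly basis against whatever record export you keep and treat any non-empty list as an action for the Work Group administrator; the thresholds are deliberately parameters so they can be aligned with the retention period you actually configure under the GDPR preferences.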