Remote Staffing Access Controls, Incident Reporting, and Data Retention Policy
This policy outlines the access controls, incident reporting, and data retention procedures for Remote Staffing (“we”, “us”, “our”). It is designed to protect the integrity and confidentiality of data and to ensure that we respond appropriately to any security incidents.
- Access Controls
We use Google Workspace and LastPass (LastPass holds third-party security certifications including ISO 27001, SOC2 Type II, SOC3, BSI C5, TRUSTe) to manage access to client data. Access is granted on a need-to-know basis, and our contractors never see the clients’ passwords. When a contractor is offboarded, the client revokes their access to the Google Workspace and LastPass accounts.
- Incident Reporting
Any security incidents, including suspected or actual breaches of data security, must be reported immediately to our security team at firstname.lastname@example.org. We will investigate all reported incidents and take appropriate action to mitigate any risks and prevent future incidents. We will also notify affected clients as required by law.
- Data Retention
We retain client data for as long as necessary to provide our services, comply with our legal obligations, resolve disputes, and enforce our agreements. When we no longer need to retain client data, we take reasonable steps to destroy or de-identify it in accordance with applicable laws.
- Review of Policy
We will review this policy periodically to ensure it remains relevant and effective in managing access controls, incident reporting, and data retention. We will notify clients of any significant changes to this policy.