Network Security Policy

Network Security

• Access to the network will be via a secure log-on procedure, designed to minimise the opportunity for unauthorised access. This includes two-factor authentication and SSH keys.
• There is a formal, documented user registration and de-registration procedure for access to the network.
• Access rights to the network will be allocated on the requirements of the user’s job, rather than on a status basis.
• Security privileges (i.e. ‘super user’) to the network will be allocated on the requirements of the user’s job, rather than on a status basis.
• Access will not be granted until prior approval has been granted by the appropriate staff member(s).
• All users to the network will have their own individual user identification and password.
• Users are responsible for ensuring their password is kept secret.
• User access rights will be immediately removed or reviewed for those users who have left the organisation or changed jobs.
• You may not use, or encourage, promote, facilitate or instruct others to use, the Services or Oboloo Site or platform for any illegal, harmful or offensive use, or to transmit, store, display, distribute or otherwise make available content that is illegal, harmful, or offensive.

Third-party Access To The Network

• Apart from hired contractors, no third-party access is allowed on any oboloo network
• Third-party contractors will need to hold public liability insurance, professional indemnity insurance and cyber insurance. These need to be approved by the supplier onboarding team prior to access.