Regulations for employees

Reading Time: 2 minutes
Password security

Each employee at VCC Live® signs a strict confidentiality agreement at the start of their employment, and receives training in password and IT security.

Regulations are equally valid to all work-related areas, from releasing PC lock screens, to passwords for office and customer-related live systems. In the latter case, very strong passwords are required which are renewed periodically, based on appropriate procedures.

Relevant regulations:

  • Asset Management Policy
  • Access Management Policy

 

Access

All access to clients’ data can only take place if the client specifically requests it.

Only a restricted group of VCC Live®’s employees have access to live systems and data that is related to clients. Accesses privileges are divided into several categories, including access to servers, access to databases, and access through VCC Live®’s client software.

Only authorized staff are permitted to log onto the servers, and only authorised personnel are allowed access to the databases. Each role has its own relevant, regulated user privileges.

All access to VCC Live®’s client service is at a central location, and both access approval and denial are completely automatic processes. As one would expect, each access must be accompanied by a supplied unique username and password pair, which must comply with the highest safety requirements for passwords.

Only specified persons can have access to the system that manages these access rights.

There may be cases necessary to access a client account via VCC Live®’s client software for fault detection and consultation. In these cases, only specified persons are granted access to VCC Live® client software, and again only if the client specifically agrees to it.

Every event that occurs in VCC Live®’s IT system is logged by a central log server. Thus, any employee activity in the client environment, and the time it takes place, can easily be traced back.

Relevant regulations:

  • Communication Security Policy
  • Access Management Policy (Role-based access control)
  • IT Security Policy
  • Third Party Management Policy
  • Physical Security Policy and Procedures

 

Departing employees

For employees leaving VCC Live®, there is a separate regulation code which outlines the individual steps in the leaving process.

Initially, each of the employee’s access points that apply to client-related live systems are withdrawn. This takes effect immediately due to the automatic system connected to the VCC Live® client software, and the withdrawal of authorizations at server and database levels is handled as high priority.

After that, access to office infrastructure is withdrawn to prevent indirect access to live systems.

The final steps e.g. removing office physical accesses, are taken indirectly to avoid any possible issues.

Relevant regulations:

  • Communication Security Policy
  • Access Management Policy
  • HR Policy
  • IT Security Policy