Page 72 - Ipsos
P. 72

Information Classification: Internal Use
                                                                       Ipsos Book of Policies & Procedures



                       •   Deleted files in OneDrive are moved to the Recycle Bin where they are kept for 90 days
                          after which point they are deleted permanently;

                       •   Security  settings  for  OneDrive  are  set  to  insure  an  optimum  level  of  security  and
                          protection  for  your  files,  do  not  attempt  to  change  any  settings.  For  compliance,
                          application  logging/auditing of all Ipsos employees OneDrive settings and activities are
                          regularly performed – employees found to be changing their security level, storing PII on
                          OneDrive  or  in  breach  of  Ipsos’s  security  policies  face  disciplinary  action,  up  to  and
                          including dismissal.


                         6.5    SharePoint

                   Microsoft SharePoint instance at Ipsos is centrally managed and used to store and share files. .
                   It is the only approved solution to share knowledge within the Group and is the technology behind
                   the Global Intranet site (accessible to All Staff for some parts)..
                   Access to some other SharePoint portals are given on a need to know basis.

                       •   The Storage of PII, PHI or Client Data is permitted on SharePoint sites with the exception
                          of some government clients with data residency requirements.

                       •   Information stored on SharePoint for internal use will be retained for the length of time
                          dictated by IT.1 - Information Management Policy.

                       •   Information deleted on a SharePoint site will remain in the Deleted Items for 90 days,
                          after which it will be permanently deleted.

                       •   All new requests for access for a SharePoint site must be submitted by the SharePoint
                          site owner via the Ipsos self-service portal.


                   7.0  Access Policy



                         7.1    Unauthorised access

                   Employees are not authorised to have access to confidential information related to clients or
                   projects they are not working on, nor should they discuss confidential information with other Ipsos
                   employees who are not working on matters for the same client.
                   They must not try to gain access to any confidential information if it is not related to a specific
                   business need.
                   The management of the access to Ipsos are centrally managed by Ipsos Tech teams responsible
                   for each application. For MIS and e-mails, they are managed by the Global Access Management
                   team.







                                                   Page 10 of 17
   67   68   69   70   71   72   73   74   75   76   77