.png)
We maintain a register of access to passwords via a central password manager (LastPass). This is known as Access Control. You have responsibility for keeping secure all passwords to which you have been entrusted. Upon leaving the company, all passwords will be revoked.
We are currently working on a self-hosted cloud-based solution (Vaultier).
We have the legal and moral responsibility to take care of data provided to us by members and stakeholders. X has overall responsibility for data protection, but all staff have responsibilities in this area.
Data protection is formally included within the staff responsibilities. Here is a link (TBD) to the document which sets out expectations of staff members in this field.
Cloud-based systems are particularly vulnerable to attack from ransomware. We have a robust data backup strategy to minimise this risk. Backups are not permanently visible to the rest of the network. At least one of the backups is stored off-site.
Taken from "Small businesses: what you need to know about cyber security", UK Govt