Sensei Authorised Access Policy
26/10/2018
Introduction
The Board of Sensei are committed to making Sensei an awesome place to work, whilst also being a high-performing business where all members are able to work with energy and passion. Sensei requires all its members to be courteous, diligent, honest and conscientious. This is because Sensei's performance and sustainability as a business depends on the professional conduct and reputation it has in the marketplace.
Sensei's policy framework is intended to offer guidance to ensure there is clarity, consistency and fairness, so that all members of Sensei can work together to make Sensei an awesome place to work. All members of Sensei have a responsibility to ensure that they have an awareness of Sensei's policies, and to uphold and follow them.
This policy defines the governance and rules around accessing proprietary information within Sensei.
Policy overview
Sensei is committed to the highest standards of integrity, fairness and ethical conduct, including full compliance with all relevant legal requirements, and in turn requires that all its Board members, officers (including its Chief Executive Officer), managers, employees, volunteers and contractors acting on its behalf meet those same standards of integrity, fairness and ethical behaviour, including compliance with all legal requirements.
There is no circumstance under which it is acceptable for Sensei or any of its employees or contractors to knowingly and deliberately not comply with the law or to act unethically in the course of performing or advancing Sensei's business.
All members of Sensei shall conduct themselves in accordance with their contract of employment and Sensei's Code of Conduct. Any action which is unlawful, dishonest, harmful to others or otherwise against Sensei's principles of responsible business conduct is unacceptable.
Confidential Information
For the purpose of this policy, "confidential information" is defined as:
The names, details and information relating to clients or employees of Sensei;
Matters of a technical nature, trade secrets, technical data, marketing procedures and information, accounting programs and procedures, financial information, strategic and business plans and like information relating to the business of Sensei or its clients;
Other information which Sensei informs the employee is confidential or which, if disclosed, the employee knows or ought reasonably to know, would be detrimental to Sensei or its clients;
All other information which is imparted to the employee in circumstances which the employee knows or ought reasonably to know that the information is confidential to Sensei or any persons with whom Sensei is concerned;
But excludes any information that has been legally placed in the public domain.
Confidential Information Handling
As a Sensei employee, you must only use official information for the work-related purpose for which it was intended.
Unless authorised to do so by legislation, you must not disclose or use any confidential information without appropriate approval.
You must make sure that confidential information, in any form, cannot be accessed by unauthorised people. Sensitive information should only be provided to people, either within or outside Sensei, who are authorised to have access to it.
You may, during your employment with Sensei, have access to information which you do not explicitly or reasonably require for your day-to-day duties (such as source code to products, information relating to clients that you are not involved with, sales and marketing information, etc.). You are to make best efforts not to access any information that is irrelevant to your day-to-day activities or any information that it would be seen as unreasonable for you to access.
You should always exercise caution and sound judgment in discussing other people's personal information with other Sensei employees. Normally information should be limited to those who need to know in order to conduct their duties, or to those who can assist us in carrying out our work because of their expertise.
Former Sensei employees must not be given access to confidential information.
Confidential information in Sensei's control:
a. Shall be collected and used lawfully for specified and legitimate purposes;
b. Shall be subject to appropriate and adequate organisational, physical and technical security arrangements;
c. Shall not be retained longer than required for business or legal reasons;
d. Shall not be stored on any personal or BYO devices.
Customer Data
Definitions
Sensei Solution Component: The Software as a Service (SaaS) or licenced, instantiated copy of a Sensei Solution component.
Customer: The company or organisation that represents the end-users of a Sensei Solution.
Partner: The reseller or authorised agent to sell, deploy and support the Sensei Solution Component on Sensei's behalf.
Customer Care Admin: The Customer Care Executive Director, Customer Care Team Leader or Customer Care member who has been authorised by the Customer Care Executive Director.
Solutions Administrators: A small group of dedicated administrators responsible for Security Incident Response and BCP execution.
Customer Data: Any data or artefacts supplied by the customer that are stored within Sensei Solutions Components.
Shared Account: An account where the human responsible for the actions of the account is ambiguous.
Scope
This policy applies to Customer Data regardless of the physical or administrative ownership of the data. This includes both uniquely created data and data extracted or aggregated from other Customer owned systems.
This policy specifically excludes data managed by the Customer in non-Sensei systems or components.
This policy applies to the handling of Customer Data by direct Sensei employees, specifically excluding all Customers, Partners and Microsoft Employees.
Guiding Principles
Need to know. Users will be granted access to systems that are necessary to fulfil their roles and responsibilities.
Least privilege. Users will be provided with the minimum privileges necessary to fulfil their roles and responsibilities.
Access Procedures
Requests for additional access privileges to Customer Data originating from within the Customer organisation that can be enacted through the relevant self-service UI are excluded from this policy and are subject to the Customer's own IT Policies and procedures for authorised access.
Requests for additional access privileges to Customer Data originating from within Sensei must be formally documented via a Customer Care ticket and appropriately approved by Customer Care Admin before granting access.
Requests for special accounts and additional privilege to access Customer Data (such as Partner accounts, Test accounts) must have a documented originating Customer email/Customer Care ticket.
Where possible, technical mechanisms will be put in place to enable the automatic expiry of Customer Data access at a pre-set date. More specifically:
When temporary access is required, such access will be removed immediately after the user has completed the task for which the access was granted.
Sensei user accounts participating in a Customer project will have access removed at the completion of the Project.
Access rights will be immediately disabled or removed when the employee is terminated or ceases to have a legitimate reason to access Customer Data. See Sensei Offboarding policy.
A verification of the user's identity and the legitimate need for Customer Data access will be performed by Customer Care Admin prior to granting access.
Existing user accounts and access rights will be reviewed at least annually by Customer Care Admin to detect dormant accounts and accounts with excessive privileges. Examples of accounts with excessive privileges include:
An active account assigned to an employee who no longer works for Sensei. This is a safety check for the proper functioning of the Offboarding policy.
An active account with access rights held by a user whose role and responsibilities have changed over time and who no longer has the authority, responsibility or need to access Customer Data.
System administrative rights or permissions (including permissions to change the security settings or performance settings of a system) are granted to a user who is not a member of Solutions Administrators or Customer Care Admin.
All access requests for elevated access to Customer Data are documented via a Customer Care ticket.
While not having direct permission to Customer Data, it is acknowledged that the Solutions Admin team members must maintain administrative control of all systems in order to facilitate the adequate execution of the Security Incident Response Plan and regional BCPs.
Administrative accounts
- All Administrative accounts within Customer Care Admin and Solutions Admin that can change the security settings or performance settings of a system must have Multi-Factor authentication enabled.
Shared Accounts
Access to Customer Data shall not be granted to any Shared Accounts, where the human responsible for the actions of an account is ambiguous.
No Shared Accounts will be created, or existing accounts repurposed as Shared, for the purposes of multiplexing access to Customer Data.
If Customer Care or Solutions Admin becomes aware of a Shared Account, access to Customer Data will be revoked immediately.
Partner Accounts
- The use of security features in Sensei Solution Components by Partners and their subsequent Customers is the responsibility of Partners and Customers respectively, pursuant to their own IT policies for authorised access.
Exceptions
Exceptions to the principles in this policy must be documented and formally approved by the Solutions Director. Policy exceptions must detail:
- The relevant Sensei Solutions Component and Customer Data exposed.
- A reasonable explanation for why the policy exception is required.
- Any risks created by the policy exception.
- Evidence of approval by the Solutions Director.
Authorisation
Andy Neumann
7th November 2018