Unauthorised Disclosure

Owned by Roxy Sanchez
Dec 09, 2022
1 min read

Does your organisation segregate duties to prevent unauthorised disclosure or access to information?

Employees are granted access only to systems and resources required to complete their job functions. Administrative or other elevated permissions are strictly controlled and only granted when absolutely required. Generally, this is privileged access is only granted to those in more senior roles. eg. admin access to Commonplace platform infrastructure is only granted to the CPTO, Head of Technology and Tech Leads.

All access is recorded and reviewed on a regular basis (frequency is dependent on the criticality and sensitivity of the system and data) to ensure access remains in line with the restricted approach.

Only customer users with an admin login to Commonplace have access to any personal information about respondents:

  • Email addresses are not available in the current dashboard.

  • Personally identifiable information is not included in downloads.