SHAREPOINT Privacy at TIBER TECHNOLOGIES

 

Tiber Technologies, Inc. SharePoint Security Policy

At Tiber, we understand that protecting the privacy of our users and teammates is critically important. We are committed to establishing a safe and secure SharePoint site to protect Tiber’s procurement sensitive data as well as any proprietary data shared by our teammates.

Definitions

  1. “User(s)” means the employee(s) of Tiber Technologies, Inc. who have access to Tiber Technologies, Inc. SharePoint site where documents are stored.

  2. “IT Team” means Tiber Technologies, Inc. Information Technology Team.

  3. “Document(s)” means all types of procurement related documents that may be in a variety of formats, including Microsoft Office files, Adobe files, video files, audio files, images etc.

  4. “Team Lead” means the authorized Tiber Technologies, Inc. staff to access the SharePoint site from outside premises.

  5. “Teammates” means the authorized individuals from outside companies that have an executed NDA with Tiber Technologies, Inc. and have been approved for access to the Tiber Technologies, Inc. SharePoint site.

  6. “Site(s)” means Tiber Technologies, Inc. SharePoint site(s) created by Tiber Technologies, Inc. to store documents.

  7. “Recipient(s)” means Tiber Technologies, Inc. clients who send projects to Tiber Technologies, Inc..

Policy Compliance

Compliance Measurement: The IT Team will verify compliance with this policy through various methods, including but not limited to, business tool reports, internal and external audits, and feedback to the policy owner.
Exceptions: Any exceptions to this policy must be approved by the IT team in advance.

1. Purpose of the Policy

Tiber Technologies, Inc. is committed to a policy of protecting the rights and privacy of data and confidential information belonging to both employees and teammates. The policy applies to all staff of Tiber Technologies, Inc..

As a matter of good practice, every staff at Tiber Technologies, Inc. will be expected to have read and complied with this policy. Any breach of the data protection policy is an offense, and, in that event, disciplinary procedures will apply.

2. Scope

This policy refers to all employees Tiber Technologies, Inc., consultants and teammates.

It applies to all files that Tiber Technologies, Inc. receives from consultants and teammates. This includes files that are received as an attachment via email, or via file transferring tools like Dropbox, Google Workspace and completed files that Tiber Technologies, Inc. team members have worked.

3. SharePoint Data Encryption

Purpose

This policy is intended to establish the requirements for the application of encryption to documents and tools as a means of protecting the confidentiality, integrity, and availability of Tiber Technologies, Inc. and teammates’ data and information.

Scope

The policy covers the application of encryption to documents stored in SharePoint site.

Policy

Tiber Technologies, Inc. does not implement any additional document encryption tool/application for documents in its SharePoint site beyond the protections offered by Microsoft.
Microsoft has implemented tools/application for encryption of data stored in SharePoint at the data center. Microsoft SharePoint uses disks with BitLocker encryption and secures traffic with SSL over HTTP.
Information Rights Management options allow us to control access to sensitive data. This allows users to restrict permission to access or open any document. This lets users set access permissions to help prevent sensitive information from being printed, forwarded, or copied by unauthorized people. Only the authorized recipient will be able to access or open the document. This option is not mandatory.

4. SharePoint site access control using SharePoint permission level

Purpose

This policy is intended to control access that employees Tiber Technologies, Inc. and its teammates and consultants have to SharePoint sites. Only users working with specific areas of a proposal are granted access to those areas of the site. With permission level, Tiber Technologies, Inc. can control access to edit or view and sharing of documents and folders.

Scope

This policy covers all users in Tiber Technologies, Inc. and teammates who have access to SharePoint sites.

Policy

Users in Tiber Technologies, Inc. with access to SharePoint site are assigned a permission level to edit the site. This permission level allows users to perform actions such as upload and download files, delete files, create or delete folders, share files and folders, sync files/folders, edit files online/offline, edit and manage the SharePoint site content and appearance. The site owner’s role with full control access is given only to the IT Team.

Teammates are assigned with contribute role, where they can have permission to upload and download files, delete files, create or delete folders, share files and folders and edit files online/offline.

Responsibilities

    • The IT Team is responsible to create SharePoint sites and assign permissions based on the policy to users and teammates.

    • The IT Team is responsible to onboard teammates to the SharePoint site. IT Team will onboard teammates and consultants, who do not have Office 365 account, as guest users to access SharePoint.

    • Users can share files or folders with teammates. For access to sites, users need approval from the IT Team.

    • On resignation or termination of employment or users moving to another role in the company, all permissions to SharePoint sites will be terminated immediately within the time of the notice received.

    • Upon notification from a teammate of an authorized user moving to another role in the teammate’s company, all permissions to SharePoint sites will be terminated immediately within the time of the notice received.