At SEEK, our marketing research role routinely puts us in contact with highly confidential information such as new or modified products, product concepts, and marketing plans, as well as personally identifiable information (PII) and regulated data. We consider all client materials confidential information and they are kept in the strictest of confidence. As such, SEEK operates under a comprehensive Information Security Policy highlighted throughout this document. Our staff is trained early and often on the importance of not sharing any information with staff who do not have a need to know. All client confidential and regulated data is kept in separate locations on our network, and only staff that should have access are granted permission. Training is conducted on broader emerging threats through a continual security awareness program. Our staff is screened with a national criminal background check. We also use a timed password-protected screensaver on all end user systems. Further, we utilize locked shred bins in several locations in the building. Shred bins are emptied and their contents shredded onsite monthly. We also encrypt data on our mobile laptop fleet through whole disk encryption, and encrypt regulated data at rest and in transit.
Information Security Policy & Privacy
Seek understands that depending on the type of disaster, additional assistance may be needed to complete projects. Seek is prepared to contract additional assistance, such as specialized water and fire remediation, contract labor, or third-party vendors where necessary to complete work, in a manner which is contractually permissible. Seek Company recognizes the potential risks associated with service interruptions due to an adverse event, such as a flood or power outage, affecting its operational, financial, stakeholder, or client’s obligations. Seek Company has developed policies to ensure the business can continue to function during abnormal circumstances. Our Cloud Data Vendor has committed to an Uptime Percentage of 99.9%. They commit to a response time of 1 business day for low priority support needs, and 4 hours for urgent support needs. Our vendor employs an active-active data center model, with a third server located in a different state in order to serve backups if the primary servers are not accessible. In the situation where an event prevents Seek Company from accessing data in the cloud, our vendor provides status updates within an hour of an event, and ongoing updates through the duration of the event. They have proven through planned simulated exercises an ability to recover during DDoS attacks and continue serving data in a timetable that would not affect Seek’s ability to provide final deliverables for a project. SEEK utilizes operating systems from Apple and Microsoft and uses the database products Microsoft SQL Server and MySQL, ensuring we have both the greatest features and support communities available.
SEEK utilizes a number of methods to physically secure its primary facility. The building is configured with perimeter access by numeric PIN (unique to each employee) at the building’s entrances, followed by PIN access to our floor. PIN access is authorized by HR, with access activity audited quarterly by the Technology & Operations Manager. PIN access is terminated immediately for exiting staff. External entrances and internal doors are configured with door prop alarms ensuring doors cannot remain open beyond 90 seconds. Further, our staff is trained to prevent “tailgaters” from accessing the building and to question all unidentified visitors. We also utilize CCTV at our building and data center entrances.
Logical Access and Electronic Security
To manage logical access, HR authorizes account creation and removal. Account removal is performed through a comprehensive exit checklist ensuring all physical, electronic, and third-party account access is terminated. In addition, the Technology & Operations Manager reviews privileged accounts & groups and performs quarterly account reconciliation reviews. Internal communication application access and other portal access is reviewed on a quarterly basis. Prior to employee access, an employee background check and end user policy & security training are completed. Our infrastructure is built on award-winning Cisco switching, routing and security gear.
Equipment Reuse & Destruction
As governed by our “Equipment End of Life” policy, all media & equipment capable of storing data are securely wiped/destroyed before disposal. All end user equipment is also wiped before it can be reassigned for new use.
Data Loss Prevention
We have an extensive policy set requiring data encryption of regulated data while at rest or in transit. We accomplish this with a combination of:
• A Mobile Media Data Policy defining appropriate use of data on mobile devices
• An Encryption policy and procedure set
• Industry standard encryption software
We also conduct an ongoing awareness training and communication program as new risks emerge.