We are still working on releasing an industry-standard policy for access control, but as a young company, we have put in place some internal procedures to ensure that we have a culture of discipline in this area.
These procedures will help us to make sure that we are handling access control in a responsible and professional manner:
- All employees at SpatialChat must use their @spatial.chat email accounts to access internal services.
- Each employee has access only to those services that they need according to their scope of work, e.g.
- Backend engineers have access to servers and database, however they don't have access to customer billing data or finance data.
- Support engineers don’t have access to any server infrastructure, but they have access to customer data (in order to be able to issue a payment refund, help with SpatialChat space setup, etc.)
- All access is revoked from an employee within 3 calendar days after contract termination, and when reasonably possible - immediately
- Employees must have latest anti-virus software on their personal computers.
- Employees shall use complex passwords for their work user accounts (min. 8 symbols, upper case letter, lower case letters, numbers and special symbols).