While releasing an industry-class documented access control policy is still a work in progress, as a young company we have implemented the following internal procedures to make sure we have culture and discipline on this matter:
- All employees at SpatialChat must use their @spatial.chat email accounts to access internal services
- Each employee has access only to those services that they need according to their scope of work, e.g.:
  - Backend engineers have access to servers and the database; however, they don't have access to customer billing data or finance data
  - Support engineers don't have access to any server infrastructure, but they have access to customer data (in order to be able to issue a payment refund, help with SpatialChat space setup, etc.)
- All access is revoked from an employee within 3 calendar days after contract termination and, when reasonably possible, immediately
- Employees must have the latest anti-virus software on their personal computers
- Employees shall use complex passwords for their work user accounts (min. 8 symbols, upper case letter, lower case letters, numbers and special symbols)