Skip to content
Gallery
Public Client Pages
All Client Pages
More
Share
Explore
All Client Pages

icon picker
The Unique VA Experience Security Policy

verified-account

At The Unique VA Experience, we understand the importance of safeguarding our clients' data and maintaining a secure working environment for all employees. This Security Policy outlines the measures we have implemented to ensure the highest level of data protection and confidentiality. Our commitment to these standards inspires confidence in our clients and emphasizes the urgency of adhering to these guidelines among our employees.

image.png

We enhance security with two-factor authentication using physical hardware keys.

We require all employees to use a
YubiKey
hardware key for authentication when accessing sensitive information. The
YubiKey
is a physical device that generates a unique, one-time code to verify the user's identity, significantly reducing the risk of unauthorized access to our clients' data. Even if a hacker gets an employee’s password, they would still need the physical key to access their account.

We manage and secure our passwords using enterprise-grade encrypted password management systems.

Our company utilizes enterprise-grade software (not freeware) for secure password management, offering full audit logging and encryption. Each client's passwords are stored in a separate vault, accessible only to designated project members. All client password access is logged and can be made available to clients upon request. Employees must adhere to password best practices and never share their passwords with others. Access to the password vault requires a physical hardware key (
Yubikey
).

image.png
CleanShot 2023-03-24 at 19.18.37@2x.png

We protect our systems with enterprise-grade comprehensive firewall, antivirus, and malware defense software.

We mandate the installation of company-wide, enterprise-grade security software on all employee computers to provide robust protection against malware, viruses, and unauthorized access.

We require annual cybersecurity awareness training and certification for all employees.

To ensure our employees stay informed about the latest security measures and practices, we require them to complete a 90-minute ESET Cybersecurity Awareness Training course and obtain certification annually. This comprehensive training covers essential topics, such as physical and online security, phishing, and comprehensive awareness around current security issues.

CleanShot 2023-03-24 at 19.26.00@2x.png
image.png

We enforce full-disk encryption to secure sensitive client data at rest.

We enforce full-disk encryption using Bitlocker (Windows) or MacOS encryption to protect sensitive client data stored on employee machines. This measure ensures that even in cases of unauthorized access or device theft, the data remains secure and unreadable.

We provide access to client data only when necessary for an employee's role.

Our employees are granted access to client data on a need-to-know basis, ensuring that they only have access to the information necessary for their specific roles. This approach minimizes the risk of unauthorized data access or leakage. Employees do not have access to client data or passwords if they are not working on the project.

image.png
image.png

We communicate sensitive information using encrypted channels.

Our employees must follow secure communication practices, such as using encrypted messaging apps or email services when sharing sensitive client information. Sharing sensitive data through insecure channels is strictly prohibited.
Employees are only included on client conversations or communication channels if they have a role in a client project.

We keep client data separate to ensure its safety and prevent unauthorized access.

We store client data securely in Google Drive, with each client's data segregated from others to prevent unauthorized access or data leakage. Employees do not have access to client data if they are not working on the project.

image.png

young-employee-background-new-workplacebusiness-concept.jpg

We promptly secure client data when an employee leaves the company.

When an employee leaves the company for any reason, we promptly secure client data by immediately revoking access to company systems, changing passwords, and updating access control lists.

We responsibly dispose of all client-related materials when our partnership ends.

Upon the termination of a client relationship, The Unique VA Experience securely destroys all client-owned artifacts, including documents, passwords, and any other data in our possession. This commitment ensures that our clients' information remains confidential and secure even after the business relationship has ended.
76e3d969-6d57-40f0-9a74-794d24a46cfe.png


Want to print your doc?
This is not the way.
Try clicking the ⋯ next to your doc name or using a keyboard shortcut (
CtrlP
) instead.