Printed from CheckTick DSPT Compliance Documentation
Standard Data Security Clauses (Personnel)
Scope: All employees, founders, and contractors.
1. Compliance with Security Policies
Personnel shall at all times comply with CheckTick's internal security framework, specifically the:
- Security Overview (OWASP alignment)
- Business Continuity & Disaster Recovery Policy
- Incident Response Plan
2. Technical Safeguards
Personnel agree to maintain the integrity of the platform by:
- Using strong, unique passwords and mandatory MFA for all systems (GitHub, Northflank, Google).
- Ensuring personal work devices (laptops/mobiles) utilize Full Disk Encryption (FileVault/BitLocker).
- Never storing patient-identifiable data (PII) on local unencrypted storage.
3. Mandatory Reporting
Personnel are contractually obligated to report any lost device, suspected phishing attempt, or potential data breach to the SIRO within 1 hour of discovery.
4. Training
Personnel must complete the NHS Data Security Awareness training annually. Failure to maintain training or repeated violation of security protocols may result in termination of the engagement.
5. Termination and End of Tenure
Upon dismissal, resignation, or the end of a contract period, all access to CheckTick systems and data shall be revoked immediately.
Access Revocation: Personnel must surrender all company-owned hardware and return any physical keys or tokens on their final day of engagement.
Account Deactivation: All cloud service accounts (including GitHub and Northflank) and local device accounts will be disabled or deleted by the Administrator within 24 hours of the departure.
Data Return: Personnel agree that all intellectual property and sensitive data remain the property of CheckTick and must not be copied or retained upon departure.