Customer Responsibilities:
User Access & Management:
- Managing end-user access to the IRIS Connect system.
- Implementing strong authentication and password policies for end-users.
- Regularly reviewing and revoking unnecessary access rights.
Data Input & Management:
- Ensuring that the data they input into IRIS Connect is compliant with all applicable regulations.
- Making decisions about data retention and deletion in accordance with their policies and regulatory requirements.
Endpoint Security:
- Securing devices (computers, phones, tablets) that access the IRIS Connect platform.
- Keeping end-user devices up to date with the latest operating system (OS) and IRIS Connect app versions.
- Implementing and maintaining updated anti-malware and anti-virus solutions on their devices.
Awareness & Training:
- Ensuring that users are educated about data security and the approved uses of IRIS Connect.
- Encouraging safe online behavior and practices among their users.
Incident Reporting:
- Promptly reporting any suspected security or data breaches to IRIS Connect.
- Cooperating with IRIS Connect in any subsequent investigations or necessary actions.
Regulatory Compliance:
- Ensuring that their use of IRIS Connect's system is compliant with their industry-specific regulations and standards.
- Handling any necessary permissions, notifications, or consents related to data they input into the system.
- Further information on customer GDPR compliance can be found here.
Terms of Service & Policies Adherence:
- Adhering to the terms of service, acceptable use policies, and any other agreements in place with IRIS Connect.
Network Security:
- Ensuring that the networks from which they connect to IRIS Connect are secured. This may include VPNs, firewalls and other protective measures.
Integration and API Security:
- If they integrate IRIS Connect with other systems, ensuring that those integrations are designed and operated securely.
- Managing and securing any API keys or credentials related to such integrations.
Data Export and Portability:
- If they choose to export their data out of the system, ensuring that the exported data is securely handled, transferred and stored. Any data exported from the IRIS Connect system is no longer the responsibility of IRIS Connect. See here for further information about downloading.
Further information regarding the responsibilities of the end user can be found in the IRIS Connect EULA.
Further information regarding the responsibilities of the organisation in the role of Organisation Administrator can be found in the Organisation Agreement.
Further information regarding the responsibilities of the organisation in the role of Customer and Data Controller can be found in the Organisation Agreement/Data Processing Agreement.
Responsibilities of IRIS Connect:
Data Security:
- Managing the security and integrity of customer data through security measures such as encryption (at rest and in transit), backups, logging and monitoring, and access controls.
Application-Level Security:
- Implementing firewalls, access controls and identity management, and ensuring that application-level vulnerabilities are mitigated.
Patching:
- Regularly updating and patching our mobile applications and web platform.
Incident Response:
- Establishing and executing a plan for responding to security incidents.
Compliance & Data Protection:
- Ensuring that all regulatory and compliance requirements specific to the data and application are met. We currently conform to Cyber Essentials Plus and NIST. Our GDPR compliance statement can be viewed here.
Further information regarding the responsibilities of IRIS Connect in the role of Cloud Service Provider and Data Processor can be found in the Organisation Agreement/Data Processing Agreement.