Skip to main content

Client Data Policy

Purpose

This policy establishes the requirements for restricting access to client data within the Skpr hosting platform solution to ensure data privacy, security, and compliance with regulatory and contractual obligations.

Scope

This policy applies to:

  • All Skpr Platform Team members

Policy Statement

  • Team members must have access only to the minimum data required to perform their duties.
  • Skpr Platform Team member access must be temporary and reviewed periodically (e.g., quarterly access audits).
  • Client data must not be used for secondary purposes (e.g., analytics) unless explicitly authorised.
  • Any access to client data must be logged, monitored, and subject to multi-factor authentication (MFA).

Access Control Measures

  • Role-Based Access Control (RBAC): Skpr Platform Team members should be granted access based on their role and required functions.
  • Time-Limited Access: Skpr Platform Team members should be restricted to the shortest duration necessary.
  • Logging and Monitoring: All Skpr Platform Team member interactions with client data must be logged and subject to regular security reviews.
  • Incident Reporting: Skpr Platform Team members must report any unauthorised access or security incidents immediately.