There may be times that Goodfellow Technology Solutions may interact with sensitive data.  This policy should document the guidelines for how any sensitive data is handled.

Definitions:

• SAD – Sensitive Authentication Data:
  • Full Magnetic Stripe Data
  • CAV2/CVC2/CVV2/CID
  • PIN/PIN Block
• CDE – Cardholder Data Elements:
  • Primary Account Number (PAN)
  • Cardholder Name
  • Service Code
  • Expiration Date
• OSI – Other Sensitive Information
  • All other sensitive information
  • Customer information
  • Sensitive business information
  • Legal Documents
• HSD – High Security Data
  • any data that contains CDE (Cardholder Data Elements) or OSI (Other Sensitive Information)

Goodfellow Technology Solutions will not store any data containing any SAD (Sensitive Authentication Data) of any kind.

High Security Data Transfer Policy:

Goodfellow Technology Solutions considers the security of HSD to be critical when taken outside of a business network.  Because of this, it is important that one of the following procedures be followed when transmitting data that contains any sort of HSD:

Encrypted Email – A secure email using encrypted methods to prevent unauthorized access

Encrypted ZIP file – A password protected ZIP file that is secured using encrypted methods and uploaded to a cloud sharing service

Encrypted USB transfer – A password protected USB drive utilizing encryption methods to prevent unauthorized access

High Security Data Storage Policy:

When storing high security data utmost care and protection of that data will be taken.  All physical devices containing HSD data will be stored in a locked and secure manner.  HSD data will only be transferred via a secure method and only to a secure device.  Data containing HSD is only to be shared with authorized individuals.  The data storage and security methods are to be analyzed on a monthly basis.  At this time, any unnecessary HSD must be purged. Any identified security risks must be assessed and mitigated.