
Data Access

At Figuro, we understand the importance of restricting access to sensitive data and implementing measures to prevent unauthorized access. Therefore, we have established guidelines to ensure that data is accessed only by authorized personnel and kept secure at all times.

Our guidelines include implementing role-based access control (RBAC) to assign permissions based on teams or job functions, having clear policies and procedures for managing data access, and requiring management authorization for any requests for access. By following these measures, we can significantly reduce the risk of unauthorized data access and mitigate the potential consequences of a data breach.

Local Development

When developing new features, it is important to keep development repositories separate from production data. This practice helps to prevent accidental modifications to production data during testing. Instead, generated data should be used for testing purposes. Generating test data allows developers to ensure that their code works as expected in a safe environment.

Production

In production environments, it is crucial to ensure that credential files are restricted at the operating system level. These files should only be readable by the process owner to prevent unauthorized access. Additionally, data should be limited to the application scope to prevent accidental exposure of sensitive information.
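As an added illustration (not Figuro's own code), the sketch below refuses to load a credential file unless it is a regular file owned by the process owner with no group or other permission bits. The file name `db.env`, its contents and the function names are constructed for the example.

```python
import os
import stat
import tempfile


def permission_findings(st, expected_uid):
    """Return problems with a credential file's stat result (empty list = pass)."""
    findings = []
    if not stat.S_ISREG(st.st_mode):
        findings.append("not a regular file")
    if st.st_uid != expected_uid:
        findings.append(f"owned by uid {st.st_uid}, expected {expected_uid}")
    mode = stat.S_IMODE(st.st_mode)
    if mode & (stat.S_IRWXG | stat.S_IRWXO):
        findings.append(f"mode {mode:04o} grants group/other access")
    return findings


def read_credentials(path, expected_uid=None):
    """Read a credential file only if its owner alone can access it."""
    if expected_uid is None:
        expected_uid = os.geteuid()  # assumption: caller is the process owner
    # O_NOFOLLOW rejects a symlink at the final path component; fstat on the
    # open descriptor checks the same file that is then read.
    fd = os.open(path, os.O_RDONLY | os.O_NOFOLLOW)
    with os.fdopen(fd, "r", encoding="utf-8") as fh:
        findings = permission_findings(os.fstat(fh.fileno()), expected_uid)
        if findings:
            raise PermissionError(f"{path}: " + "; ".join(findings))
        return fh.read()


def demo():
    """Constructed sample: a throwaway file, first too open, then tightened."""
    with tempfile.TemporaryDirectory() as d:
        path = os.path.join(d, "db.env")  # hypothetical file name
        with open(path, "w", encoding="utf-8") as fh:
            fh.write("DB_PASSWORD=constructed-sample\n")
        os.chmod(path, 0o644)
        try:
            read_credentials(path)
            rejected = None
        except PermissionError as exc:
            rejected = str(exc)
        os.chmod(path, 0o600)
        return rejected, read_credentials(path)


if __name__ == "__main__":
    print(demo())
```

Running the same check at service start-up turns a permissions drift into a visible failure instead of a silently readable secret.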

External Tools

When sharing customer data with third parties, management should approve it and ensure compliance with any data management agreements already in place. Doing so protects customer data and prevents unauthorized exposure of sensitive information.

Data Science

While data scientists may need to access customer data, it is important to anonymize the data to prevent personal identification. Anonymized data gives data scientists what they need for their work while still protecting customers from being identified.

Resources

Additional resources for Data Access Restriction and RBAC.