Access to software at Ballpark is strictly controlled by User Groups. In each functional team, at each level, we have set levels of access permitted to the software in that team’s software stack.
We have four User Groups with different levels of access to systems at Ballpark. The amount of access Ballpark employees have is dependent on what is required for them to do their roles, and with caution in mind. No one has access they do not require to do their role. For example, a teammate with Level 1 access should have no access to customer data, and will sign a Confidentiality Agreement prior to starting their position at Ballpark.
Confidentiality clauses exist in all employee contracts.
In addition, every employee completes an internal security checklist annually, to confirm:
- Required training has been completed
- A commitment to adhere to each of our data security standards
This is what that looks like, by User Group:
- Read only: Read only access to limited systems.
- Edit : Editors can typically carry out a limited number of functions within the software as relevant to their level and role.
- Admin: This role can typically edit and view all data, as well as add or remove other users from the system.
- Owner: The software Owner has full access to the capability of the system, including data exports.
Passwords and Security
When joining Ballpark, every member of staff is invited to join our password manager, an industry-standard software we use as a business, to safely manage passwords across the team.
Every member of staff confirms they understand they must use the password manager to generate and manage their passwords to decrease the risk of weak, insecure or written-down passwords.
If a member of staff is terminated, their password manager account can be immediately suspended by an administrator, meaning their access to every business-related software login is revoked in one step. The suspension of their password manager account is built in to our centralised offboarding process followed by all managers in the Company.
The password manager we use has the additional benefit that for any software for which we use a shared login, e.g. our social media accounts where several people may access the software using a shared password, these are also stored via the password manager. If we suspect a security breach or have a member of staff leave employment, the individual’s account can be suspended and password changed immediately.
Password manager administrators are business leaders only.
More detailed information on how Ballpark controls user access is available in our Data Management Policy:
- company controlled inboxes
- laptops and devices
- personal drives and shared drives
Author: Kelsey Traher, COO
Date of change: Jul 2022
Summary of changes: Initial version published.