Tools
FooEngine has a variety of online resources and tools that we use to manage the company and the work that we do.
This section provides an overview of these tools, how they have been configured for security, and how they are used. Keep in mind that these tools contain various levels of sensitive information that we shouldn't leak outside of the company.
General Security Rules
Unless otherwise noted, we implement single sign-on (SSO) on these tools, so you can log in with your FooEngine Google account.
The services that we don't use SSO on have their own security rules implemented. Permissions across all tools implement role-based access controls.
Discussions Live On Slack
Our main internal communication tool is Slack, which supports SSO via your Google Workspace account.
Emails, meetings, and documents live in Google Workspace
We use Google Workspace for our emails, meetings, documents, and as our SSO provider.
Google Workspace enforces the use of MFA for all accounts, and users are onboarded by the people team.
Meetings and calls happen on Google Meet and Slack
For video and audio calls, we use Google Meet and Slack Huddles.
Google Meet is managed through our Google Workspace account. Slack Huddles are managed through our Slack account.
Passwords are stored in Keeper
We provide Keeper accounts for every user.
Users have their own accounts for Keeper, and we enforce the use of MFA. Users are added to the Company vault, as well as any relevant team-based vaults.
Each user is responsible for their own usernames and passwords within their Keeper private vault.
Employee data lives in SenseHR
Across the company, we record data about employees in SenseHR, our HR system. This is generally Restricted data, since it's about our people, and contains things like passport and employment information.
Team-specific tools
Each team will have its own team-specific tools as well. You should consult with your teams specifically on these.
Team-managed tools must follow the Tools and Services Policy, particularly for onboarding and offboarding.
Keeper
We use Keeper to securely share sensitive information internally.
Using Keeper
Keeper doesn't just store your passwords and sensitive information (such as credit cards) securely; it also allows you to easily paste usernames and passwords into a site's or an app's login fields.
You can do this on the Mac by hitting Command + \ and on Windows Control + .
This works via direct integration (for Apps) and browser extensions.
If you're on Mac or iPhone, you can enable TouchID to unlock Keeper.
Department/Role Specific Vaults
Your line manager will be responsible for providing access to any specific vault you will need access to for carrying out your duties.
Asana
We have several workspaces in Asana. This is where various tasks are requested and tracked. Your line manager will be responsible for providing access to any specific vault you will need access to for carrying out your duties.
Airtable
We have several workspaces/bases in Airtable. This is where various tasks are requested and tracked. Your line manager will be responsible for providing access to any specific vault you will need access to for carrying out your duties.
There are various sharing options within Airtable, which are all restricted for security reasons. Should you need to share any bases/views, please speak to your line manager in the first instance to see if sharing externally is the only solution. If it is, then a request will need to be made to the CTO for final approval.
Google Drive Privacy Settings
The importance of correct sharing settings
It's crucial that files, docs and sheets are stored correctly for the purposes of privacy and data protection. Below are guidance and checks to be read and carried out by anyone who is accessing, creating or contributing to Google files in the drive (i.e. all of us).
There are multiple ways a breach of private data can happen. A few examples:
- A file is created in a shared drive by mistake. This is common when copying a template that lives in a company-wide shared folder when the copy needs to be in a private folder
- A file is created in your own drive and shared company wide. This also means that if an error is made, no one but you can alter the sharing settings
- A file is intended for company-wide or team-specific purposes, but sensitive data is later added and the sharing settings are not updated
Measures to carry out in every situation
- Always check the folder you're creating the file in and check the sharing settings
- Always default to creating the file in the relevant shared drive. As standard, there are few reasons to be adding files to your private drive and sharing them individually
- If you're adding sensitive data to a document/sheet always double check the sharing settings
- Never share anything with sensitive information using the "Anyone with a link" setting. If you need to add someone externally they should be added directly to the document
- Carry out periodic audits on all documents in your team drives that include sensitive data
- Always report a document or sheet that has incorrect sharing settings to the owner/team
- If there has been a breach, you must follow steps to log and report it as documented in this Handbook.
- If you need help with reporting a breach, the above should be followed, and Siobhan is the person to ask for answers or assistance
- If you need help with checking sharing settings or have any other questions relating to Google Drive, you can speak to the CTO.
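As an aid to the periodic audits listed above, the following added example (not part of the original handbook or FooEngine's own tooling) classifies sharing settings against these rules. It assumes each record is Drive API v3 file metadata already joined with that file's permissions list; the domain fooengine.example, the finding names and all sample records are constructed placeholders.

```python
# Added example: constructed records, not FooEngine data. Each record is Drive
# API v3 file metadata joined with that file's permissions.list output.
COMPANY_DOMAIN = "fooengine.example"  # assumption: placeholder domain

SAMPLE_FILES = [
    {"id": "f1", "name": "Payroll export", "driveId": "drive-people",
     "permissions": [{"type": "anyone", "role": "reader"}]},
    # No driveId: the file lives in one user's own drive.
    {"id": "f2", "name": "Copy of review template",
     "permissions": [
         {"type": "user", "role": "owner", "emailAddress": "sam@fooengine.example"},
         {"type": "domain", "role": "writer", "domain": "fooengine.example"}]},
    {"id": "f3", "name": "Client plan", "driveId": "drive-delivery",
     "permissions": [
         {"type": "user", "role": "commenter", "emailAddress": "pat@client.example"}]},
    {"id": "f4", "name": "Team notes", "driveId": "drive-delivery",
     "permissions": [
         {"type": "group", "role": "writer", "emailAddress": "delivery@fooengine.example"}]},
]

def audit_file(record, company_domain=COMPANY_DOMAIN):
    """Return the sorted list of sharing findings for one file record."""
    findings = set()
    in_shared_drive = bool(record.get("driveId"))
    for perm in record.get("permissions", []):
        kind = perm.get("type")
        if kind == "anyone":
            # "Anyone with a link": never allowed for sensitive files.
            findings.add("ANYONE_WITH_LINK")
        elif kind == "domain":
            if perm.get("domain", "").lower() != company_domain:
                findings.add("EXTERNAL_DOMAIN")
            elif not in_shared_drive:
                # Company-wide share from a private drive: only the owner can fix it.
                findings.add("COMPANY_WIDE_FROM_PRIVATE_DRIVE")
        elif kind in ("user", "group"):
            # A missing address (deleted account) is treated as external for review.
            email = perm.get("emailAddress", "").lower()
            if not email.endswith("@" + company_domain):
                findings.add("EXTERNAL_DIRECT_SHARE")  # allowed, but list for review
    return sorted(findings)

def audit(records):
    """Map file id -> findings, keeping only files that need attention."""
    results = {r["id"]: audit_file(r) for r in records}
    return {fid: found for fid, found in results.items() if found}

if __name__ == "__main__":
    for fid, found in audit(SAMPLE_FILES).items():
        print(fid, ", ".join(found))
```

Files flagged EXTERNAL_DIRECT_SHARE follow the direct-add rule above and are listed only so the owning team can confirm the external person still needs access.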