Policy List: | 1. Environment ISO 14001. | 2. Energy ISO. | 3. Expenses. | 4. Community and Charity. | 5. Service Agreement. | 6. Business Continuity ISO. | 7. Risk ISO. | 8. Discrimination. | 9. Knowledge. | 10. Encryption. | 11. Communication. | 12. Health and Safety ISO. | ..Policies.. | Software. HTML. Cookie. URL. Error Message | Social Media. Marketing. Brand. FB and Twitter Publicity Stories. Bots to Like and Forward News. | Access Control. Data Access. Fake Data. | Object Naming. Job Title. | Attachment. Upload. | Removable Media. Desktop. | Data Integrity. Standards. | Digital Currency. Blockchain. | Domain. | Education. Training. Qualifications. Course. Clearance. | Recruiting. Values. | Privacy. Security. Protection. Password. Authentication. | Cyber War. Anti-Virus. Reverse Attack. Insurance. |
Abstract. | 1. Every Policy exists to provide a Benefit using a Method as a Procedure List to provide that Benefit. | 2. The policy benefit must exceed the cost of the procedures needed to provide the benefit. | 3. The policy method is a rationale and summary of the Procedure List. | 4. Where a policy does not have any procedures to achieve the benefit, then the policy cannot provide its benefit. | 5. These policies pertain to the Bespoke Application Service (BAS). |
Environmental Policy. | Objective: | 1. BAS shall conform with ISO 14001 Environmental Management Standard (EMS) to provide a pleasing and healthy work environment. | ..ecology policy.. | Method: | 2. The working environment shall be flooded with plants, pools of fish and a haven for small birds. | 3. The pools of water shall act as an emergency fire suppressant that feeds the plants and is cleaned by the fish in a closed cycle. | 4. Harmony shall be sought with insects eating plants and birds eating insects. Conflicts with large birds, squirrels and foxes to be resolved. | 5. A fresh water policy involving rain water capture is to be established. | 6. An underground air-to-air pump policy to replace gas heated air is to be established. | 7. The dual waste water and rain water policy is to be improved. | 8. Please see the associated Health and Safety Policy. | Procedure List: | 8. The Environmental Manager shall manage the plants and pools in a way to provide a pleasing and healthy work environment. | ..link to EMS 14001.. |
Energy Policy. | Objective: | 1. BAS shall generate electricity to reduce all energy costs towards zero. | 2. BAS shall operate from in-house batteries and not be dependent on mains electricity supplies. | Method: | 2. The working environment shall be flooded with solar panels to capture radiated sunlight for the maximum length of day. | 3. Solar energy shall be used to charge batteries and NOT used with an inverter to generate 240 volt AC on-grid power. | 4. Batteries shall provide 24 volts DC to all computers, 12 volts DC to all lighting systems and 5 volts DC to all USB powered devices. | 5. Overnight cheap rate mains power may be used to charge the batteries during the winter when daylight hours are restricted. | 6. Computers, printers, screens and all other equipment shall be designed to operate from low voltage power such as 24 volts or 5 volts. | Procedure List: | 6. The Facility Manager shall manage all electrical equipment to operate from low voltage DC power supplies. | ..link to metered energy service.. |
Service Agreement Policy. | Objective: | 1. BAS shall be provided and operated by people with a service agreement or equivalent contract. | Method: | 2. All people shall have a service agreement that includes a commitment to non-disclosure and privacy of business information. | 3. People are directed to only reference other people by their job title so names are not disclosed - the names of people are protected. | 4. People are directed to only reference customers by their project codes so names are not disclosed - the names of customers are protected. Most people have no right and no reason to know the names of customers or suppliers, and may not know the names of other people. | 5. People are directed never to leak private, confidential or sensitive business information by telephone or email - encrypted Business Message Services are provided for all communications. | 6. People have the right to work any hours in any place they choose. | 7. People have the right to take any holidays and leave they choose. | 8. People have the right to operate any pension scheme they choose. | 9. People have the right to any subsistence, health and wellbeing benefits as they choose. | 10. People are directed to fully conform with IR35 and all UK laws. | 11. People have the right to any disciplinary and grievance procedure as they choose. | 12. People have the right to have conflicts of interest, competition and solicitation as they choose. | 13. People have the right to dress as they choose. | 14. People are directed never to offend any other person by language, gesture or behaviour. | Procedure List: | 15. The Personnel Director shall ensure that all approved people have a service agreement or equivalent contract. | ..link to standard service agreement so the method can be simplified.. | ..link to IR35 rules as referenced.. |
Expenses Policy. | Objective: | 1. BAS shall operate and record financial expense transactions in conformance with UK laws and regulations. | 2. This Expenses policy includes: a company car policy. | ..financial stability policy... | Method: | 2. Expenses wholly, exclusively and necessarily to do business shall be permitted when submitted with adequate evidence. Fifty percent of a bill may be submitted when only 50% was necessary for the business. | 3. A fixed set of cost code purposes must be applied to every expense claim. | 4. Expenses are permitted for supplies and consumables. | 5. Expenses are permitted for training; subscriptions, books and courses associated with BAS. | 6. Expenses are permitted for travel; mileage OR fuel, motor expense, park, wash, hotel, air, ocean, train, car hire, taxi. | 7. Expenses are permitted for subsistence; food, drink, laundry. | 8. Expenses are permitted for communications; phone, internet, post, CCTV, software, backup. | 9. Expenses are permitted for office; rent, rates, repairs, heat, light, water. | 10. Expenses are permitted for protective clothing; protective equipment, safety, exclusive uniform, identification, CCTV. | 11. Expenses are NOT permitted for entertainment. | 12. Expenses are NOT permitted for marketing. The company can do marketing but people cannot do marketing on behalf of the company. | 13. Expenses are NOT permitted for fines. | 14. Expenses are NOT permitted for capital equipment expenditure. People may buy their own personal computers. | 15. Expenses are NOT permitted for clothing that may be worn outside the work place. | 16. Expenses are NOT permitted for commuting to a normal place of work. | Company Car Policy: | 17. People may choose to either (1) buy a company car and bill expenses for all actual fuel and motor expenses when on business or (2) claim a mileage allowance for using their own private car on business. 
The majority of people may find that the HMRC motor allowance for use of their own vehicle is cost effective for less than 10,000 miles per year. A few people may find that buying a company van that is used wholly for company business can use a specific credit card for vehicle fuel and purchases to simplify their expenses. | Procedure List: | 18. The Finance Director shall manage expenses in compliance with this policy and people shall use the financial expense claim service. | 19. An expense statement is available to each person by calendar month. | ..link to financial expense claim service.. |
Business Continuity Policy. | Objective: | 1. BAS shall operate non-stop, shall never have any downtime and shall comply with ISO 22301 Business Continuity Standard (BCS). | 2. This Business Continuity policy includes: deletion, replication, backup, download, history, archive and service level policies. | Method: | 2. A large number of secure data centers operate in parallel with replicated data so in the event that a data center fails, another data center can take over and continue providing BAS. | 3. Deletion Policy: | No facilities are provided for an approved person to delete any business data. | Automated facilities are provided to destroy business data when it has expired and is past the end of its life cycle - all business data has an assigned life cycle. The life cycle may be dependent on when the business data was last changed and not on when it was last viewed. | ..data retention policy... | 4. Replication Policy: | As business data is changed it is automatically encrypted and saved to more than one physical location. Encrypted data is message switched to a large number of secure data centers in real time. When a large number of copies of business data is stored in a large number of remote places, then the possibility of losing any business data reduces towards zero. | 5. Backup Policy: | Backup facilities were phased out and replaced with replication in 2005 when it was proven that recovery cannot happen with any degree of certainty. The use of One-Drive and iDrive is not permitted because the data is in effect stolen and is under the control of a third party with a different sovereignty. | 6. Download Policy: | Download facilities are provided to an Owner upon request, but cannot be recommended because the data is not protected by encryption and it may be stolen. Evidence of every download is recorded because the person downloading the business data becomes legally responsible for the protection of that data in compliance with GDPR. 
It is not a trivial responsibility to have a downloaded copy of business data and cyber insurance costs to cover a potential data breach may be significant. | 7. History Policy: | History facilities are provided to every approved person to view who and when each and every field value was changed. Fraud is minimised by leaving no place to hide when a field value is changed. Any field value changed in error can be restored to its original value with yet another change. | 8. Archive Policy: | Archive facilities are provided to move obsolete data from its primary list to an archived list according to the data life cycle specification. All business data has a life cycle of (1) primary, (2) archive and (3) destroy. The events that trigger life cycle transition are documented by the Data Controller and Owner and automatically executed. | 9. Service Level Agreement (SLA) Policy: | The BAS has a Service Level Agreement and the Service Level Manager is responsible to ensure that the service level agreement clauses are exceeded. | Procedure List: | 10. The Business Continuity Manager shall manage BAS in a way that it cannot stop as far as an approved person is concerned. | 11. The Development Manager shall ensure that no data deletion facilities are provided for approved people. | 12. The Development Manager shall automate the destruction of business data when it has exceeded its assigned life cycle. | 13. The Service Level Manager shall continually monitor the service level and ensure that every service level clause is exceeded. | ..link to ISO 22301 BCS.. | ..link to SLA.. |
Risk Management Policy. | Objective: | 1. BAS shall eliminate or mitigate all risks in compliance with ISO 31000 Risk Management Standard. | 2. This risk policy includes: Power of Attorney, Last Will and Testament and Cyber Insurance policies. | Method: | 2. Whatever it takes to eliminate or mitigate risks towards zero must be taken - this is not an option. | 3. Architectures must continually evolve to eliminate known risks. Take whatever precautions are needed to prevent long range photographic equipment being able to see inside the work place to view business data. | 4. Knowledge of data breaches made by other corporations must be fully analysed, understood and applicable counter measures deployed. | 5. The current cyber war must be understood from both the defenders' and attackers' points of view - and action taken. | 6. Last Will and Testament (LWT) Policy: | People working with BAS have a duty to ensure that their last will and testament is fully up to date and reviewed from time-to-time in liaison with the executors and beneficiaries. When people sign their service agreement, the Personnel Director shall expect that a LWT is signed at the same time. Responsible people face risks and manage risks. A person's Last Will and Testament has zero cost. Funeral costs of at least three thousand pounds must be made available. | 7. Power of Attorney (PoA) Policy: | People working with BAS have a duty to ensure that Power of Attorney (financial) is vested with another responsible person to be used in the event of an accident or incident that leaves the person unable to look after their own financial affairs. When people sign their service agreement, the Personnel Director shall expect that a PoA is signed at the same time. Responsible people face risks and manage risks. A person's Power of Attorney has a registration cost of just over one hundred pounds. | 8. 
Cyber Insurance Policy: | The Application Service Provider has chosen to switch cyber insurance costs into data breach prevention costs. It is far better to prevent a data breach than be insured to pay for the consequences of a data breach. It is not reasonable to try to insure against incompetence and an "I did not know" defence. Even with the very best cyber insurance, full security measures to mitigate a cyber crime must be proven to be deployed. | 9. When Who Did What Policy: | Continual monitoring of every online request is logged as evidence of a cause and a consequence. When people say that the "system" changed a field value - evidence will clearly show when and who actually changed the field value. Dual interlocking evidence trails are deployed at the person level and at the data object level so one immutable evidence trail verifies the other immutable evidence trail. Evidence is encrypted and replicated to many distributed data centers so it can never be fraudulently changed. | Procedure List: | 10. The Risk Manager shall manage threats, risks and vulnerabilities with documented details of applicable policies and security measures. | 11. The Data Protection Officer shall manage the Data Protection Impact Assessment (DPIA) and provide details of appropriate policies and security measures. | 12. The Information Security Manager shall deploy all applicable security measures as specified by the Risk Manager and Data Protection Officer. | ..link to DPIA.. |
Discrimination Policy. | Objective: | 1. People shall not discriminate between people. | 2. People shall not offend other people. | Method: | 2. It is illegal and not acceptable to discriminate between people or to offend people. | 3. All people must be treated with equality. | 4. People should be known by their job title. | 5. People should never disclose their beliefs, religion, culture, race, colour, ethnicity, origin, place of birth, date of birth, parentage, gender, sexuality, age, marital status, health, disability. | 6. People may disclose their preferred language, time zone, contact method. | 7. Asking for a person's gender or using a title like "Mr" as part of a name is sexist and can only be used to discriminate against that person based on their gender. Legal funds are provided to help a person sue any company that asks for a person's gender where the only purpose is discrimination. | 8. It is reasonable to ask if a person is an adult over the age of 18, but it is not acceptable to ask the age of a person because their age can only be used to discriminate against that person. Legal funds are provided to help a person sue any company that asks for a person's age where the only purpose is discrimination. | Procedure List: | 7. The Personnel Director shall terminate all contractual relationships with any person who is shown to discriminate in any way at any time. | 8. The Finance Director shall fund legal counsel to sue any company that discriminates against a team member. |
Knowledge Policy. | Objective: | 1. BAS is provided by knowledge provided as a Business Requirement Specification with continual improvements. | 2. Knowledge is optimised to be the internal mathematics of the Artificial Intelligent Assistant and optimised to have no value to a criminal. | Method: | 2. Knowledge is expressed as business rules that have a "cause and consequence" syntax. | 3. Business rules are managed as declarative fourth generation language statements. | 4. Support requests are continual improvements to the business requirement specification. | 5. Data objects and their properties are transposed into fourth generation language statements. | 6. Objects and properties are identified by glyphs. Functions and pages are identified by glyphs. K1145 is the glyph for the customer company name. P4115 is the glyph for the customer LP1 list. | 7. Template standard documents are managed with placeholders as knowledge that may be shared with customers and suppliers. | Procedure List: | 8. The Knowledge Manager shall manage all knowledge in a secure way to ensure that it cannot be lost or stolen. |
Encryption Policy. | Objective: | 1. BAS business data must be encrypted before it is stored so no business data can be stolen. | 2. Rather than pay for cyber insurance to pay for the consequences of a data breach, it is better to pay for total encryption to stop a data breach. | Method: | 2. Every field is encrypted as part of its validation so it can only contain a permitted value. | 3. Pseudonymised field values are replaced with tokens and a separate image used to hold the encrypted field values. | 4. Different types of field are encrypted using a number of different encryption methods. | 5. Records are a set of fields that is encrypted using yet another set of methods. | 6. NoSQL has replaced SQL so all SQL injection vulnerabilities have been eliminated. | 7. Record layouts can evolve in a way that old and new editions may coexist at the same time. | Procedure List: | 8. Encryption is built into every aspect of the Bespoke Application Service so no specific procedure list can be nominated. |
Communication Policy. | Objective: | 1. BAS business data must not be disclosed or leaked by any communication between people. | Method: | 2. It is no longer reasonable to communicate business information by telephone or email. By law, every email must be copied and processed where the results may be sold to the highest bidder. By law, every phone call must be recorded and processed by agencies in all parts of the world. | 3. The envelope and letter method of communicating has proven to be compliant with PECR subscription requirements and so it must be used. | 4. Business Message Service has been provided for all approved people and shall be used to communicate business data. People shall not get involved in any survey that discloses any business information or offers any business opinion. | 5. Twitter Policy: | People have the right to use Twitter as they choose, but do not have the right to disclose any business information. People will learn that once data is published, it is stolen and cannot be made private again. | 6. Facebook Policy: | People have the right to use Facebook as they choose, but do not have the right to disclose any business information. People must learn and understand that published information can only be used against that person at a future time in a different culture. | 7. Data Breach Policy: | People have a legal responsibility to the ICO to report an email or business data breach when their phone or laptop is stolen. BAS goes to a great deal of effort and cost to encrypt all business data but where copies of that data are stored in emails, then that person carries considerable liabilities for fines and compensation claims. | Procedure List: | 8. Process Audit Manager has responsibility to continually review and revise how communications can take place in complete safety and privacy. | ..BMS.. |
Health and Safety Policy. | Objective: | 1. BAS operations are subject to ISO 45001 Occupational Health and Safety standards. Each and every work place must be safe and secure. | Method: | 2. The ASP have a duty of care that people never sit working at a screen for more than one hour at a time. At least every hour, a person must get up and do something else for several minutes. A walk around the pool and through the gardens is needed to refocus the mind on what is important. | 3. People are recommended to have a number of alternative work positions and have the ability to do some work when standing up. As a generalisation, all telephone calls should be made standing or walking. | 4. Accident Policy: | By law, every accident or incident that may have been an accident must be reported using the online accident facility. In the future, other people will benefit as the causes of accidents are eliminated. | 5. Working at Height Policy: | People will need to clean solar panels and will need to change light fittings and that may mean working at height. Training and the use of specialised equipment is more cost effective than a death or injury. | 6. Lighting Policy: | People will need sensible artificial lighting and suitable shade from direct sunlight. Window blinds are a legal necessity. Dimmable lighting is needed with a shift towards red lighting later in the evening. Floor, exit and stair lighting is needed at ground level. | Procedure List: | 7. People must take full responsibility for their own health and safety, while the company will exercise its duty of care by giving a person whatever it takes to work in a safe way. | 8. The Facilities Manager has responsibility for the work place and the safety of people in that work place. | ..ohs. |
Document Control. | 1. Document Title: Policy List. | 2. Description: Policy List. | 3. Keywords: Policy List. | 4. Privacy: Shared with approved people for the benefit of humanity. | 5. Edition: 1.2. | 6. Issued: 24 Nov 2017. |