How Do I Create a Security Policy?

Follow

·

Get Training

Content policies provide the ability to place files with certain types of content in a restricted "Quarantine" area. The files will then require action from an Admin or Co-admin before they become available for use. To create a new content policy:


  1. Go to the Policies tab in the Admin Console policies_icon.png
  2. Click Add new policy

  3. Enter a name for your policy in the Policy Name field

  4. Select the action type for this policy and corresponding settings. You can create three different types of content policies:

Upload Policy

  1. Set policies that take action on files with certain information that have been uploaded to your organization’s account
  2. Specify the content that will activate this policy by selecting options under If a document contains:
    • Social Security Number: Files containing Social Security Numbers
.
    • Credit Card Number: Files containing 16-digit credit card numbers
.
    • File Type: Enter any file extension (standard or custom) in the field.
    • Custom words or numbers: Enter a custom word, phrase, or numerical string in the field.
    • Set breadth level: Select a level for this custom search:
      • Medium: No additional requirements for a valid match.
      • Narrow: One of the keywords/phrases in the list must be present within 20 characters of the numeric string for a valid match.
  3. Specify the action that will be taken on the uploaded file:
    • Move the file to quarantine section. Files will be moved to a quarantine folder; the following conditions apply:
      • The original uploader will be notified that the file violated the policy.
      • Collaborators will not be able to access the most recent, quarantined version of the file.
      • The uploader can rectify the violation by uploading a new version of the file or by deleting it.
      • You will have access to the file from the Quarantine in the Content Manager section of the Admin Console.
      • You will be able to approve the file, making it fully available, or reject it and delete it.
    • Notify the email addresses: Send notifications to the email addresses specified in the field; the following conditions apply:
      • Admins and Co-admins will not be notified that an upload policy violation has occurred unless their email addresses are specifically listed here.
      • Any email address can be listed.
      • You can also type in partial names or email addresses and select a user from an auto-populated list of matching users in your organization.
  4. Click Start Policy Now to enable your policy (it will take effect immediately)

Download Policy

  1. Download policies provide the ability to take action when your users’ download activity reaches a certain rate. To create a download policy:
  2. Specify the download activity threshold by selecting an option under If a user download activity is (download rates range from Low to High according to what’s normal for your organization).
  3. Specify the email addresses for the individuals who will be notified; the following conditions apply:
    • Admins and Co-admins will not be notified that a download policy violation has occurred unless their email addresses are specifically listed here
    • Any email address can be listed
    • You can also type in partial names or email addresses and select a user from an autopopulated list of matching users in your organization
  4. Click Start Policy Now to enable your policy (it will take effect immediately).

Sharing Policy

You can create a policy that sends notifications whenever content is shared with certain domains.

  1. Enter the domains that will activate this policy and trigger notifications in the field under If a user shares content.
    Note: Enter the domain name only (i.e.: domain.com) and hit enter or click the domain from the autopopulated list of suggestions.
  2. Specify the email addresses for the individuals who will be notified; the following conditions apply:
    • Admins and Co-admins will not be notified that a sharing policy violation has occurred unless their email addresses are specifically listed here
    • Any email address can be listed
    • You can also type in partial names or email addresses and select a user from an autopopulated list of matching users in your organization.
  3. Click Start Policy Now to enable your policy (it will take effect immediately)
Was this article helpful?
3 out of 6 found this helpful