Information Security Policy
Contents
1. Introduction
2. Information Security Policy Outline
3. Acceptable Use Policy
4. Disciplinary Action for Non-Compliance
5. Protection and Disposal of Stored Data Outline
6. Information Classifications and Categories
7. Physical Security
8. Protection of Data in Transit
9. Secure Disposal of Stored Data
10. Security Awareness and Procedures
11. Network Security
12. System and Password Policy
13. Anti-virus Policy
14. Patch Management Policy
15. Remote Access policy
16. Vulnerability Management Policy
17. Configuration Standards
18. Change Control Process
19. Penetration Testing Methodology
20. Incident Response Plan
21. Roles and Responsibilities
22. Third Party Access
23. User Access Management
24. Access Control Policy
25. Wireless LAN Policy
26. Contact Us
1. Introduction
This Information Security Policy encompasses all aspects of security surrounding confidential company information and any stored personal information. Although the focus of this document is on protecting Customer Information, this can also include PR AGENCY ONE employee information, company information, supplier information or any other information deemed to be important. This document will be reviewed and updated by Management on an annual basis, or as and when relevant, to include newly developed security standards or threats in the policy.
2. Information Security Policy Outline
PR Agency One processes customer personal information on a daily basis. This Information must have adequate safeguards in place to ensure its safety and integrity for the benefit of both the customer and the company.
PR Agency One commits to respecting the privacy of all its customers and to protecting any information about customers from outside parties. To this end management are committed to maintaining a secure environment in which to process this information so that we can meet these promises.
Employees handling customer information should ensure:
• All customer information is handled in a manner that is appropriate for the content
• They do not disclose customer information unless authorised
• They take all necessary steps to protect sensitive customer information
• They keep passwords and accounts secure
• They request approval from management prior to installing or configuring any new software or hardware, third party connections, modems, wireless access points etc.
• Information security incidents are reported, without delay, to the relevant line manager or directly to the DPO
Everyone has a responsibility for ensuring the company's systems and data are protected from unauthorised access and improper use.
3. Acceptable Use Policy
The intention in publishing an Acceptable Use Policy is not to impose restrictions that are contrary to PR Agency One's established culture of openness, trust and integrity. Management are committed to protecting the company from illegal or damaging actions by individuals, whether knowingly or unknowingly.
• Employees are responsible for exercising good judgment regarding the use of customer information
• Employees should ensure that they have the appropriate credentials or training, and are authenticated, for the use of relevant software or hardware
• Employees should take all necessary steps to prevent unauthorised access to customer information
• Employees should ensure that technologies are used and set up under acceptable network conditions
• Employees should keep passwords secure and should not share accounts
• Authorised users are responsible for the security of their passwords and accounts
• All computers should be secured with a password and locked when unattended
• Employees should confirm that all installed security software is working correctly and as intended. Any malfunctions should be reported, without delay, to the Technical Manager.
• Employees must use extreme caution when opening email attachments received from all senders, especially unknown senders, as these may contain viruses, malware or other malicious code.
4. Disciplinary Action for Non-Compliance
Violation of the standards, policies and procedures outlined in this document by an employee will result in disciplinary action from warnings or reprimands up to and including termination of employment based on the severity. Claims of ignorance, good intentions or using poor judgment will not be used as excuses for non-compliance.
5. Protection and Disposal of Stored Data Outline
All customer information stored and handled by PR Agency One and its employees must be securely protected against unauthorised use at all times. Any customer information that is no longer required by PR Agency One for business reasons will be destroyed in a secure and irrecoverable manner.
6. Information Classification and Categories
Information stored by PR Agency One has been classified into one of the following three categories:
• Customer Information – Any and all information relating to customers. Access to this information should only be available to internal employees and the respective individual customer.
• Supplier Information – Any and all information relating to suppliers. Access to this information should only be available to internal employees.
• Employee Information – Any and all information relating to employees. Access to this information should only be available to the respective employee, their line manager, Management and any department that requires specific information, eg Accounts & HR.
7. Physical Security Policy
All customer information must be securely protected from any physical vulnerabilities. This includes not only the security of PR Agency One offices and its contents but also portable devices such as laptops and mobile phones. This is to be achieved through strong AES-256 device encryption.
Entrance to the building must be secured through multiple measures including lock and key, coded door entry system, CCTV and 24/7 monitored security alarms.
Access to customer information in both physical media and electronic formats must be physically restricted to prevent access from unauthorised individuals. Physical media will be kept in locked cabinets and drawers or in individually locked rooms. Electronic data will be secured via strict and granular based permission hierarchies. All unnecessary USB ports and Network Points will be disabled. Media is defined as any printed or handwritten paper, removable media, back-up tapes, external hard drives etc.
Visits by customers, suppliers or other third-parties must be pre-arranged where possible and must always be verified by the employee they are visiting. Visitors must be escorted and monitored by a trusted employee whilst in areas where access to customer information or network access is available.
Employees should be trained to report suspicious behaviour by other employees, visitors or third parties, as well as any indication of tampering with software or hardware devices, to the appropriate personnel.
8. Protection of Data in Transit
All customer information must be protected securely if it is to be transported physically or electronically.
• Customer information on company laptops will be secured via AES-256 encryption as well as two-factor authentication.
• Customer information on mobile phones will be secured via device-specific encryption as well as a centrally managed PR AGENCY ONE Mobile Device Management (MDM) solution.
• Customer information sent over email is not encrypted; it is, however, sent from a fully licensed Exchange server that complies with the SPF, DKIM and DMARC standards.
9. Secure Disposal of Stored Data
All data must be securely disposed of when no longer required by PR Agency One regardless of the media or application type on which it is stored.
• All paper is crosscut shredded on site and bagged in a secure locked area before being disposed of securely via a third-party paper shredding and disposal company
• All other physical media is completely destroyed to an irrecoverable state and then disposed of via a third-party disposal company
• All electronic data is destroyed to the DoD 5220.22-M standard, ensuring it is completely irrecoverable via three secure overwriting passes.
• Data is destroyed 2 years after ceasing trade and/or communication with PR Agency One unless required for longer (eg financial data).
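The three-pass overwrite named above, as an added illustration (not the agency's own tooling): each pass rewrites the whole file with a fixed byte, its complement and then random data, syncing to disk after every pass before the file is unlinked. The file path and chunk size are assumptions; a constructed temporary file stands in for real customer data.

```python
import os
import secrets
import tempfile

# Pass patterns for the three-pass scheme: a fixed byte, its complement,
# then cryptographically random data. None marks the random pass.
PASSES = (b"\x00", b"\xff", None)


def overwrite_file(path: str, chunk_size: int = 1 << 20) -> int:
    """Overwrite every byte of `path` in place for each pass in PASSES.

    Returns the number of bytes rewritten per pass (the file size).
    Each pass is flushed and fsync'd so the data reaches the device
    before the next pass starts.
    """
    size = os.path.getsize(path)
    with open(path, "r+b", buffering=0) as fh:
        for pattern in PASSES:
            fh.seek(0)
            remaining = size
            while remaining > 0:
                n = min(chunk_size, remaining)
                chunk = secrets.token_bytes(n) if pattern is None else pattern * n
                fh.write(chunk)
                remaining -= n
            fh.flush()
            os.fsync(fh.fileno())
    return size


def secure_delete(path: str) -> int:
    """Overwrite the file contents, then remove the directory entry."""
    size = overwrite_file(path)
    os.remove(path)
    return size


def demo() -> int:
    # Constructed sample: a throwaway file standing in for retired data.
    fd, path = tempfile.mkstemp(prefix="retired-")
    with os.fdopen(fd, "wb") as fh:
        fh.write(b"customer record, no longer required\n" * 1000)
    return secure_delete(path)


if __name__ == "__main__":
    print(f"overwrote and removed {demo()} bytes")
```

In-place overwriting only reaches the blocks the file currently occupies; on SSDs with wear levelling, journaling or copy-on-write filesystems, snapshots and backups, other copies can survive, which is why the physical-media destruction rules above still apply.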
10. Security Awareness and Procedures
The policies and procedures outlined below must be incorporated into company practice to maintain a high level of security awareness. The protection of customer information demands regular training of all employees and contractors.
• Review handling procedures for sensitive information and hold periodic security awareness meetings to incorporate these procedures into day-to-day company practice.
• Make this security policy available for all members of staff to read and encourage them to do so. Any changes made to the document through annual reviews must be made clear and communicated to all staff.
• All employees will undergo background checks (such as criminal and credit record checks, within the limits of the local law) before they commence their employment with PR Agency One.
• All third parties with access to customer information are contractually obligated to comply with relevant legislation such as GDPR.
• Company security policies must be reviewed annually and updated as needed.
11. Network security
• Firewalls must be implemented at each point of entry into the company internal network
• All inbound network traffic is blocked by default unless explicitly allowed, and any such exceptions must be documented.
• All inbound and outbound traffic must be restricted to that which is required only. No unnecessary ports or routes are to be left open.
• Firewall and router configurations must restrict connections between untrusted networks and any systems on the internal company network.
• Firewalls will be in place between any wireless networks and the internal company network
• No direct connections from the Internet to the internal company network will be permitted. All traffic has to traverse a firewall.
• Stateful firewall technology must be implemented where the Internet enters the internal company network to mitigate known and ongoing threats. Firewalls must also be implemented to protect local network segments such as corporate
• A topology of the firewall environment has to be documented and has to be updated in accordance with changes to the network.
• A firewall and router configuration document must be maintained which includes a documented list of services, protocols and ports, including a business justification for each
• Disclosure of private IP addresses to external parties must be authorised.
• Corporate wireless networks must be secured by a MAC-address whitelist to prevent any unauthorised devices from connecting
• Guest WiFi networks must enforce Layer 2 isolation and have no route to any other segment of the internal company network
12. System Configuration and Password Policy
All users, including contractors and third parties, who have access to PR Agency One systems, devices or portals are responsible for taking appropriate steps, as outlined below, to generate and secure their passwords.
• A configuration standard must be developed in line with industry-accepted standards
• System configurations should be updated as new issues are identified
• System configurations must include common security parameter settings
• The system configuration standard should be applied to any new systems configured.
• All vendor default accounts and passwords for systems have to be changed at the time of provisioning the system/device, and all unnecessary services and user/system accounts must be disabled
• Security parameter settings must be set appropriately on system components
• All unnecessary functionality, services or protocols (HTTP access, Telnet, FTP, TR069 etc) must be removed unless absolutely necessary
• Any insecure functionality, services or protocols in use must be documented and justified
• All users must use a password to access the PR Agency One network or any other electronic resources
• All user accounts for terminated users must be deactivated or removed immediately
• The user will be locked out after several unsuccessful login attempts. A locked account can only be re-enabled by the system administrator. Locked-out user accounts will remain disabled for a set period of time or until the administrator enables the account.
• All system and user level passwords must be changed on at least a quarterly basis.
• A minimum password history must be implemented.
• A unique password must be set up for new users and the users prompted to change the password on first login.
• Group, shared or generic user accounts or passwords and other shared authentication methods must not be used to administer any system components.
• System services and parameters will be configured to prevent the use of insecure technologies such as Telnet and other insecure remote login commands
• The responsibility for selecting a password that is hard to guess generally falls to users. A strong password must:
o Be at least 8 characters long
o Include mixed-case letters, if allowed
o Include digits and special characters, if allowed
o Not be based on any personal information
o Not be based on a single dictionary word, in any language
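The strong-password rules above turned into a checker, as an added example (not the agency's own code): it reports every rule a candidate password breaks rather than stopping at the first, so the user can be told exactly what to fix. The small word list and the personal-information inputs are constructed stand-ins; a real deployment would load a full multilingual word list and the user's directory attributes.

```python
import string

# Constructed stand-in for the "dictionary word, in any language" check.
# A real deployment would load a full multilingual word list from disk.
DICTIONARY = {"password", "welcome", "manchester", "london", "agency", "bonjour"}

MIN_LENGTH = 8  # the policy's stated minimum


def _core_word(password: str) -> str:
    """Strip digits and punctuation so 'Welcome1!' is checked as 'welcome'.

    This catches the common habit of padding a single dictionary word
    with a digit and a symbol to satisfy the other rules.
    """
    return "".join(ch for ch in password if ch.isalpha()).lower()


def check_password(password: str, personal_info=()) -> list:
    """Return the list of policy rules the candidate password violates.

    personal_info: strings the user must not build a password from
    (name, username, birth year, etc.), compared case-insensitively.
    The mixed-case and digit/special-character rules are applied
    unconditionally here, i.e. the target system is assumed to allow them.
    An empty list means the password satisfies every stated rule.
    """
    violations = []
    if len(password) < MIN_LENGTH:
        violations.append(f"shorter than {MIN_LENGTH} characters")
    has_lower = any(c.islower() for c in password)
    has_upper = any(c.isupper() for c in password)
    if not (has_lower and has_upper):
        violations.append("does not mix upper- and lower-case letters")
    if not any(c.isdigit() for c in password):
        violations.append("contains no digit")
    if not any(c in string.punctuation for c in password):
        violations.append("contains no special character")
    lowered = password.lower()
    for item in personal_info:
        item = item.lower().strip()
        # Short fragments (e.g. two-letter initials) would match almost anything.
        if len(item) >= 3 and item in lowered:
            violations.append(f"based on personal information ({item!r})")
    if _core_word(password) in DICTIONARY:
        violations.append("based on a single dictionary word")
    return violations


if __name__ == "__main__":
    for candidate in ("Welcome1!", "Jane2024!x", "Tr0ub4dor&3xample"):
        print(candidate, "->", check_password(candidate, ["Jane Smith", "jane"]) or "OK")
```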
13. Anti-virus policy
• All machines must be configured to run the latest anti-virus software as approved by PR Agency One. The preferred application is MalwareBytes Enterprise Anti-Virus software, which must be configured to retrieve the latest updates to the anti-virus program automatically on a daily basis. The anti-virus software should have periodic scanning enabled on all systems.
• The anti-virus software in use should be capable of detecting all known types of malicious software (viruses, Trojans, adware, spyware, worms and rootkits)
• All removable media should be scanned by MalwareBytes before being used.
• All logs generated by the anti-virus solution have to be retained as per legal/regulatory/contractual requirements, or for a minimum of 3 months
• Master installations of the anti-virus software should be set up for automatic updates and periodic scans
• End users must not be able to modify any settings of, or otherwise alter, the anti-virus software
• Email with attachments coming from suspicious or unknown sources should not be opened. All such emails and their attachments should be deleted from the mail system as well as from deleted items.
14. Patch Management Policy
All computers, servers, software, system components etc owned by PR Agency One must have up-to-date system security patches installed to protect the asset from known vulnerabilities.
Where possible, all systems and software must have automatic updates enabled for system patches released by their respective vendors. Security patches must be installed within one month of release by the respective vendor.
15. Remote Access policy
• It is the responsibility of PR Agency One employees, contractors, suppliers or other third parties with remote access to the PR Agency One network to maintain the security and integrity of their authentication details.
• Secure remote access into the company internal network must be strictly controlled. Control will be enforced by two-factor authentication where possible and strong passwords.
• Vendors or contractors with access to the PR Agency One network will only be enabled during the time period the access is required and will be disabled or removed once access is no longer required.
• Remote access will only be established into the PR Agency One network from a known or trusted location.
• Machines remotely connected to the PR Agency One network must not be left unattended at any time.
16. Vulnerability Management Policy
• All known vulnerabilities will be assigned a risk ranking such as High, Medium or Low based on industry best practice.
• Any new vulnerabilities identified must be assessed, risk ranked and dealt with in a time scale relative to their risk rating.
• Annual reviews of existing vulnerabilities must be completed.
17. Configuration standards
• All systems must be configured in accordance with the applicable standard for that class of device or system. Standards must be written and maintained by the team responsible for the management of the system.
• Updates to network device operating systems or configuration settings that cause a device to no longer comply with these standards must be justified.
• All network device configurations must adhere to PR Agency One's required standards, as specified in the PR Agency One configuration guide, before being placed on the network.
• All network device configurations must be checked annually against the configuration guide to ensure the configuration continues to meet the required standards.
• Where possible, network configuration management software will be used to automate the process of confirming adherence to the standard configuration.
18. Change control Process
All change requests shall be logged on a central system. A documented audit trail containing relevant information shall be maintained at all times. This should include change request documentation, change authorisation and the outcome of the change.
All change requests shall be prioritised in terms of benefits, urgency, effort required and potential impact on operations.
Changes shall be tested in an isolated, controlled, and representative environment where possible if they are deemed to have significant potential impact on the system or network as a whole.
All users significantly affected by a change shall be notified of the change prior to its completion.
All major changes shall be treated as a project. Major changes will be classified according to effort required to develop and implement said changes.
Procedures for aborting and recovering from unsuccessful changes shall be in place should the outcome of a change be different to the expected result. Where possible fall back procedures will be in place to ensure systems can revert back to what they were prior to implementation of changes.
Documentation shall be updated on the completion of each major change and old documentation shall be archived or disposed of as per the documentation and data retention policies.
19. Penetration testing methodology
• All risks inherent in conducting penetration testing over the systems and network of PR Agency One should be documented, including the mitigation measures that will be taken.
Examples might be:
Risk: Denial of Service in systems or network devices due to network / port scans.
Mitigation measure 1: scans must be performed in a controlled manner. The start and end of the scan must be notified to responsible personnel to allow monitoring during testing. The scan will be aborted should issues arise.
Mitigation measure 2: scanning tools must be configured to guarantee that the volume of packets sent or sessions established per minute does not cause a problem for network elements. The first scans must be performed in a controlled manner using a minimum configuration, which may be expanded once it is evident that the configuration is not dangerous for network devices or servers in the organisation.
• Key staff involved in the project will be listed
• External intrusion tests will be performed remotely from the supplier's premises. Internal intrusion tests will be conducted within the PR Agency One office. The audit team must have access to the company internal network.
• All the tests will be conducted from equipment owned by the audit team, so no equipment for the execution of the tests is required. The only requirement in this regard will be an active network connection for each member of the audit team. Those connections must provide access to the target network segment in every case.
• If an incident occurs during the execution of the tests that has an impact on the systems or services of the organisation, the incident should be brought immediately to the attention of those responsible for incident management in the project.
• For all findings or vulnerabilities identified during the tests, documentation will be generated providing sufficient evidence to prove their existence and recommendations for resolution. The format of the evidence can vary in each case, eg screen capture, raw output of security tools, photographs, paper documents etc.
• The tests performed should result in a document containing at least the following sections:
o Introduction
o Summary
o Methodology
o Identified Vulnerabilities
o Evidence
o Recommendations for correcting Vulnerabilities
o Conclusions
20. Incident Response Plan
Any major incident (accidental, intentional or deliberate) relating to communications or information processing systems must follow the below procedure. The attacker could be a malicious stranger, a competitor or a disgruntled employee and their intention can range from stealing / destroying information, stealing money or harming the reputation of the company.
Employees of PR Agency One will be expected to report any security related issues in line with the below procedure:
• Each department must report an incident to the DPO or Technical Manager (if available) or to their line manager.
• The relevant team will investigate the incident and assist the potentially compromised department in limiting the exposure of information and mitigating the risks associated with the incident.
• The relevant team will report the incident and findings to the appropriate parties.
• The relevant team will determine if policies and processes need to be updated to avoid a similar incident in the future and whether additional safeguards are required in the environment where the incident occurred.
• If unauthorised hardware or devices (eg wireless access points, network switches) are identified or detected as part of the investigation, this should be immediately escalated to the Technical Manager or someone with similar privileges who has the authority and ability to stop, shut down and remove the offending device immediately.
21. Roles and Responsibilities
The Technical Manager (or equivalent) is responsible for:
• Creating and distributing security policies and procedures
• Monitoring and analysing security alerts and distributing information to appropriate employees and/or management
• Creating and distributing security incident response and escalation procedures
• Administering user accounts and managing authentication
• Monitoring and controlling all access to the company internal network
The Management Team is responsible for:
• Maintaining a list of service providers
• Ensuring there is a process for engaging service providers, including proper due diligence prior to engagement.
• Ensuring that employees have read and understand this Information Security Policy
22. Third Party Access
Any Third Party who will be remotely accessing PR Agency One network will be granted permission and access on a per-case basis.
Access will be granted via secure methods only and will be monitored at all times by the granting member of staff.
Third Parties will never have access or visibility to anything beyond what is required for the scope of the task they are carrying out on behalf of PR Agency One.
Only recognised and pre-authenticated third parties can be granted access. These must be pre-authenticated by the Technical Manager or the Management Team.
23. User Access Management
Access to the internal company network is controlled through a formal user registration process beginning with a formal notification from HR or from a line manager.
Each user is identified by a unique user ID so that users can be linked to and made responsible for their actions. The use of group or shared IDs is only permitted where they are suitable for the work carried out.
There is a standard level of access based on department. Any special or additional access must be authorised on a per-case basis.
Access to all company systems can only be started after proper procedures are completed.
As soon as an individual leaves PR Agency One employment all of his/her system logons must be immediately revoked.
24. Access Control Policy
Access Control configurations and procedures are in place to protect the interests of all users of PR Agency One computer systems by providing a safe, secure and readily accessible environment in which to work.
PR Agency One will provide all employees and other users with the information they need to carry out their responsibilities in as effective and efficient a manner as possible.
Access rights will be determined and granted based on the user's requirements and must be authorised by the user's line manager.
Every user should attempt to maintain the security of data even if technical security mechanisms fail or are absent.
Users electing to place information on digital media or storage devices must have clear justification for doing so and, depending on the quantity of data, authorisation from relevant management.
Access to PR Agency One resources and services will be given through the provision of a unique Active Directory account and complex password.
No access to any PR Agency One resources and services will be provided without prior authentication and authorisation of a user’s PR Agency One Windows Active Directory account.
Password issuing, strength requirements, changing and control will be managed through formal processes.
Users are expected to become familiar with and abide by PR Agency One policies, standards and guidelines for appropriate and acceptable usage of the networks and systems.
Access for remote users shall be subject to authorisation by the relevant line manager and be provided in accordance with the Remote Access Policy and the Information Security Policy. No uncontrolled external access shall be permitted to any network device or networked system.
25. Wireless LAN Policy
PR Agency One will provide Wireless networks in the office premises that are fit for purpose and secured based on their requirement.
PR AGENCY ONE Staff network is purely to be used by company devices and is secured via complex password and Layer-2 MAC authentication. Devices requiring access to this network must be pre-configured and authenticated.
PR AGENCY ONE BYOD network is to be used by staff personal devices and is secured via complex password. This network is kept physically and logically separate from all other networks and routes out to the public internet via its own breakout.
PR AGENCY ONE Guest network is to be used by visitors including customers and suppliers and is secured via complex password and Layer-2 Isolation. This network is kept physically and logically separate from all other networks and routes out to the public internet via its own breakout.
Installation or use of any wireless device or wireless network intended to be used to connect to any of the PR Agency One networks or environments is strictly forbidden. Scans for both visible and hidden networks will be periodically carried out using inSSIDer or other tools.
26. Contact Us
If you have any questions about this Information Security Policy, please fill out our Contact Us form or call on:
- Manchester: 0161 871 9140
- London: 0203 092 1446