Exit Management

The nature of the services offered by GOSS Interactive often involves the storage of client data. GOSS Interactive treats the security and privacy of data during handling and storage with the highest priority.

Data Held in GOSS Systems

Data relating to (but not necessarily owned by) a Client will be present in the systems used by GOSS Interactive. These systems are often specific to the departments at GOSS Interactive that use them. The destruction or archiving of the data held in these systems is the responsibility of the relevant department at GOSS Interactive, overseen by the Account Manager, as set out in the model Client Leaver Checklist.

Data on the GOSS Website or in GOSS Publications

As well as data held in systems used by GOSS Interactive, client data may also be present on the corporate GOSS Interactive website or present in GOSS Publications. This data may be:

• Secure information in the "Client Resource Area"
• Marketing material, such as the "List of GOSS Clients"
• Quotes from the Client used in areas like "Training Feedback"

The GOSS Interactive website is maintained by the GOSS Marketing Department and data within the website will be removed as set out in the model Client Leaver Checklist.

Data published in GOSS Publications will be removed as new editions of those publications are produced. This data will typically be of a marketing nature and will generally be limited to Client logos or quotes used with permission.

Hosted Data

As a hosting provider GOSS Interactive stores data owned by the Client. This data may be held in a database, media files, secure storage area or in a shared repository.

The transfer method of this data will be confirmed with the Client during the Exit Plan. The preferred transfer method of GOSS Interactive is secure FTP. Any other secure methods of transfer may incur additional cost and will need to be agreed as part of the Exit Request.

In line with the model Client Leaver Checklist, GOSS Interactive will transfer data from GOSS Hosted Services to the Client at the Point of Exit. This data may include:

• The GOSS iCM database of the hosted Production (Live) website
• Third party databases hosted by GOSS Interactive for the Client
• Media items used by the hosted Production (Live) website uploaded via GOSS iCM
• Files held in website specific storage areas accessible via FTP or GOSS iCM's "File Manager" in the hosted Production (Live) environment
• Files held on the GOSS Interactive Client FTP Server
• Any logs generated by the website (such as HTTPS logs) that may be relevant

For data held in shared repositories that the Client has access to, it will be assumed that the Client retrieves a copy of this data prior to it being archived or destroyed by GOSS Interactive.

Data held in Test, Pre-Production, Development, QA or Local environments are subject to the same data handling procedures as the Production (Live) environment. Unless specifically requested, data in these environments will be destroyed without copies being given to the Client.

Disposal of Data

Anything that contains data is destroyed in line with our ISO27001 procedures. The GOSS ISO27001 certified Security Manual details the processes adopted by the business for the secure disposal of any hardware/software/tapes/data throughout GOSS Interactive. All removable media such as CDROM, USB, flash drive, hard-drive etc is reformatted and/or destroyed before disposal following the GOSS Disposal of Asset procedure. Hard copies of confidential documents are disposed of appropriately when no longer required by secure shredding.

Client Property

Client property held by GOSS Interactive, such as laptops required for remote access or RSA Tokens, will be returned to the Client in line with their own procedures and requirements. The Client will be responsible for arranging the return of client property.