ICARAS Website Management Policy

1. Introduction

The ICARAS website is of strategic importance to the reputation and operation of our business. We use it to provide clients with information about the security services we provide, our experience and related updates.

2. Definition

The business website for ICARAS is https://icaras.nz. This domain name is owned on a long-term basis with ownership renewed at appropriate intervals. ICARAS also owns https://icaras.co.nz that defaults to //icaras.nz

Materials and information contained on the website is for general information and does not constitute legal advice. ICARAS general business Terms and Conditions hosted on the website, ratifies our web information status.

3. Hosting, design, and security

The website is designed and hosted for ICARAS by SquareSpace with the domain name managed by Xuba on an annual fee basis (Oct renewals). SquareSpace affords ICARAS the ability to conduct content management internally.

SquareSpace are responsible for fundamental structure of the core building block for the website and provide support to ICARAS designated content change agents. ICARAS content changes are at the direction of the ICARAS CE and website content management forum. The website is an “https” to support enhanced security, and the general subject matter and user groups engaging with website.

The website sits on dedicated servers behind a WAF and is backed-up to prevent loss of content and afford the business cyber resiliency in the event of a cyber-attack.

There is also a downtime alarm that notifies key ICARAS personnel when the website has dropped, minimising impact on the business and new clients engaging with the website at the time.

Only the designated ICARAS Business Manager (BM) and Chief Executive (CE) will have physical access to the website application layer. Related access application passwords will change on a quarterly basis. Should the BM or CE leave the business, passwords will be changed has part of employee departure administration.

4. Responsibilities

The ICARAS CE has the overall responsibility for the website within the business, with day-to-day responsibility delegated to the BM.   It is their responsibility to ensure:

All content is as accurate as possible

Content does not infringe copyright
Content is always up to date allowing a reasonable time to implement updates
All material uploading is approved and recorded by the ICARAS website content management forum
All contact the business execution buttons throughout the website function effectively
The website is hosted securely, and uptime levels exceed 95%

Password management for all content management is effective and protects unauthorised access from making changes on the site
Website performance is measured and regularly reported via self-analysis of data
Website availability and security issues are monitored, and any issues raised are addressed with appropriate recovery action taken immediately
Appoint selected business resources as participants of the website content management forum for ongoing input and refreshing of the website

5. Permitted and prohibited use

The ICARAS website will be used to promote independent professional security services delivery. Any content should seek to include:

Why security is important and is everyone’s responsibility

Specific and/or the range of security services provided by the business
General information regarding the firm such as its history and profile
Customer/client logos and/or recommendation statements or quotes were optimal
Staff profile information

Positive news/success stories regarding the business
Business ‘contact us’ details (accessible from every page of the website)

Content that is not permitted on the website includes:

Libellous content

Detailed personal information
Misrepresentation & misleading claims
Sensitive records or images

6. Compliance

ICARAS will ensure its website complies with the NZ Digital Service Design Standards (2018) and the new NZ Privacy Act update (2020) requirements for accessibility, usability, and consent for use of website hosted information as applicable.

The website must include (but is not limited to) the following content:

The businesses registered name and number

Accurate and current contact details
Viewable and usable overview of business services

Relevant professional service authorisations, certifications, endorsements, or regulations

7. Regular review of the website

The ICARAS website content management forum will conduct a full review of the website content and utility twice annually.

8. Policy Review

This policy will be reviewed annually, or when there is a change of executive management at ICARAS, or new NZ website legislation is directed. The responsibility for implementation and review of this policy lies with the ICARAS CE.