Your security responsibilities as a DISCO user

Although we do everything we can to make sure that the DISCO ecosystem is secure, security on any cloud-based software must be a responsibility shared between the service provider (us) and the users (you). Security is a shared responsibility because nothing we can do solely on our end can make your account 100% secure without your help. Think of an apartment building – if your landlord installed strong steel doors and the best deadbolts money could buy, but you were constantly propping the door open with a chair or giving out copies of your key to total strangers, it wouldn’t be very secure, right?

Similarly, we strive to provide our DISCO users with the highest level of security, but if you decide to post your password to Twitter or share your user account with a friend, you are failing to uphold your side of the shared responsibility. Below is a list of your security responsibilities as a DISCO user.

• You are responsible for not sharing your DISCO user ID and/or password.
• You are responsible for who you invite to be a user on your DISCO.
• You are responsible for verifying that their level of access is appropriate and commensurate with their job responsibilities.
• You are responsible for terminating the user accounts of any individuals you wish to no longer have access to your DISCO.
• You are responsible for requesting that multi-factor authentication be enabled and approving or denying requests to reset multi-factor authentication
• You are responsible for maintaining the security of the email account you use for your DISCO user account, as unauthorized access to your email account could be used to facilitate unauthorized access to your DISCO account.
• You are responsible for reporting any known or suspected security incidents to us.
• You are responsible for reaching out to DISCO using the authorized and proper support channels.
• You are responsible for ensuring that your team only shares content with the appropriate parties.
• You are responsible for establishing controls to validate that only authorized and valid data is uploaded to DISCO by your team.
• You are responsible for contacting us if you wish to enable a setting that requires any new passwords used on your DISCO be of a higher strength.
• You are responsible for maintaining the security of the devices you use to access DISCO, which includes the installation and maintenance of both antivirus software and security patches.

If you have any questions about any of these responsibilities, please contact our Support team via chat or email.