Skip to main content

Upload Artefacts and Documents to Apollo Secure

This document outlines which artefacts and documents are required, and the steps to upload artefacts and documents to Apollo Secure.

Damien Cantelo avatar
Written by Damien Cantelo
Updated over 7 months ago

As part of Apollo Secure’s security assessments, we review internal artefacts or documents. To ensure assignment efficiency and avoid delays, clients are to submit artefacts prior to the commencement date via Apollo Secure’s artefact repository.

Step 1: Log in & Navigate to Tools/Artefacts

  1. Log in to Apollo Secure using your credentials (or Google/Microsoft credentials, if configured)

  2. Navigate to the Tools/Artefacts section on the left-hand menu bar.

    • Note: You need ‘Owner’ privileges to access this. Contact your administrator or another Owner for access.

  • Select ‘Artefacts’ tab in the top menu bar

Step 2: Upload or link to a shared artefact/document

You may choose to either upload artefacts/documents, or link to shared artefacts/documents that reside on your internal files stores/repositories.

1. Link to URL (recommended)

Our recommendation and first preference is to always link to shared documents, which provides an additional level of access control, and avoids taking unnecessary copies of artefacts/documents. You will need to first generate a sharable link with ‘view only’ permissions from your internal file stores/repositories.

2. Upload File

If linking isn’t possible, upload the artefacts/documents directly (documents, images, etc).

Step 3: List of artefacts/documents to upload

Upload examples of the following or similar documents, if available:

1. Client Agreements

  • Contracts that include handling or processing client information

  • Standard terms/agreement templates

  • Bespoke client agreements

2. Supplier Agreements

Focus on suppliers who handle your confidential, personal (including personal sensitive), or restricted information:

  • General services suppliers

  • IT service providers

  • Software Licence Agreements for business applications

3. Company Policies & Procedures

  • Privacy Policy (external, may be displayed on your website)

  • Employee Privacy Policy

  • Website Terms of Use

  • Employment Terms & Conditions or Employment Agreement

  • Working from Home or Abroad policies

  • Staff Code of Conduct

  • Industry or sector specific regulations or guidance

4. IT & Security specific Policies & Procedures

  • IT Acceptable Use Policies for employees (may include ‘Bring Your Own Device’ policies)

  • Data Handling Policies

  • Cyber Incident Management Plan or Data Breach Response Plan or equivalent

  • Information Security Policies

  • Security Awareness Training documentation, presentations or guidance

5. IT Configuration & Operations

  • IT Device/Server Standard Operating Environment Configuration documentation or evidence thereof

  • Reporting of anti-virus/anti-malware, system patch and/or vulnerability scans

  • Vulnerability scans of public or internal end points (you may redact as required)

  • Penetration test reports (you may redact as required)

  • Business Continuity and/or Disaster Recovery Plans

Step 4: Inform your lead consultant when complete

Once the upload is complete, ensure the file is accessible and inform your lead consultant of the upload’s completion.

Did this answer your question?