Skip to content
Changineers Engineering Handbook

Facility Access and Physical Security

2026.1

Changineers is a remote-first company and has no physical offices for workers. When necessary, Changineers uses a rented office for in-person meetings but no information is stored on the premises.

Policy Statements

Section titled “Policy Statements”

Changineers policy requires that

(a) Changineers has no permanent facilities.

(b) Home offices utilised by Changineers employees and Subcontractors are treated as secure workspaces, no unauthorised access is permitted, and sensitive information must not be kept physically.

Controls and Procedures

Section titled “Controls and Procedures”

Physical Security

Section titled “Physical Security”

  • Workstation Security

    • Workstations may only be accessed and utilized by authorized workforce members to complete assigned job/contract responsibilities.
    • All workforce members are required to monitor workstations and report unauthorized users and/or unauthorized attempts to access systems/applications as per the System Access Policy.
    • All workstations purchased by Changineers are the property of Changineers and are distributed to users by the company.

Data Center Security

Section titled “Data Center Security”

The platform runs on Amazon Web Services. Physical and environmental security of the data centres hosting Changineers’s infrastructure is AWS’s responsibility under the AWS shared responsibility model.

Clean Desk Policy and Procedures

Section titled “Clean Desk Policy and Procedures”

Employees must secure all sensitive/confidential information in their workspace at the conclusion of the work day and when away from their workspace. This includes both electronic and physical information such as:

  • computer workstations, laptops, and tablets
  • removable storage devices including CDs, DVDs, USB drives, and external hard drives
  • printed materials

Computer workstations/laptops must be locked (password protected) when physically unattended. Portable devices such as laptops and tablets should be taken home at the conclusion of the work day.

Removable storage devices and printed documents must be treated as sensitive material and locked in a drawer or similar when not in use. Printed materials must be immediately removed from printers or fax machines. Passwords must not be written down or stored physically.

Revision History

Section titled “Revision History”
DateSummaryApproved by
2020-01Initial revision.James Gregory
2026-04-24Simplified data centre security procedure to point to AWS shared responsibility.James Gregory

Hiring & onboarding

Acceptable use of AI tools Approved software

Building software

Engineering principles Secure development Solution design Shipping code Penetration testing

Shipping & operations

Operations security Architecture Change management Emergency change Configuration baselines Observability Threat detection Vulnerability management

Data

Customer data deletion

Resilience & response

Incident response

Public

Modern slavery statement Responsible disclosure

Deprecated (pending removal)

Security Program Overview Policy Management Compliance Audits and External Communications Security Architecture and Operating Model Roles, Responsibilities and Training Risk Management System Audits, Monitoring and Assessments HR and Personnel Security Access Facility Access and Physical Security Data Management Data Protection Secure Software Development and Product Security Configuration and Change Management Threat Detection and Prevention Vulnerability Management Mobile Device Security and Media Management Business Continuity and Disaster Recovery Incident Response Breach Investigation and Notification Third Party Security and Vendor Risk Management Employee Handbook Subprocessors