In this guide we will explain how to initially set up the Compliance Suite within HighSide.
The high-level process for setting up the Compliance Suite is as follows:
- Your team's "Super Admin" initiates the setup from the settings area of their account (as explained below in this article).
- Your designated compliance officer (who will have access to, and who will maintain, the compliance suite) will need to install the compliance suite on a separate computer/server that does not have any other instance of HighSide already running on it.
- Then, the Super Admin and designated compliance officer will need to securely swap certain credentials in order to activate the compliance suite.
Note: This guide is written from the perspective of a HighSide Super Admin. Check here for the setup guide written from the perspective of the designated compliance officer/user.
Starting the Setup
In order to start the setup of the HighSide Compliance Suite you will need to be a Super Admin; only Super Admins are able to see the Compliance Suite setup screens.
As the Super Admin, in HighSide, go to Settings > Team Admin > Compliance Suite.
From there you will see a button that says "Setup New Compliance Bot". You will need to click that button and read the prompt carefully.
After clicking the blue button that says "Setup New Compliance Bot", an activation token will appear.
Note: This is the token your compliance team will use to access the Compliance Suite dashboard and finish setting up the bot. DO NOT LINK THE BOT YET! You will have to set up the bot in the next step to get the bot's address to complete setup.
Copy the activation token and send that to your designated compliance officer/user; this is the token they will use to set up the bot and compliance suite.
After this you will have to wait for your compliance team to set up their end of the bot and send you back the bot's own HighSide address.
Once you have received the bot's HighSide address, you will go back to the compliance suite and click "Finish Compliance Bot Setup".
This will then prompt you for the bot's address, and you will input the address you have received from the compliance team. Click the blue button that says "Finish Compliance Bot Setup" and, congrats! The Compliance Bot has been completely set up and it should say "Active" next to the bot.
Once it says "Active" next to the bot, setup is complete and your compliance team will now have access to all messages/event logs being sent throughout your HighSide team!
Security Best Practices & Considerations
Because the compliance suite has access to all of your team's messages, files and logs, we highly recommend that you follow security best practices while setting up the compliance suite, installing it on a new device, and while operating the compliance suite.
The compliance suite can run on any desktop/laptop/server of your choosing, but we recommend that whatever device you choose be designated exclusively for running and operating the compliance suite.
What does this mean? If you choose to install the compliance suite on Desktop A, Desktop A should be purpose-built and used exclusively for running the compliance suite. Desktop A should not be used as a normal workstation; it should not be used to surf the internet, to run other apps or programs, to check email, etc. Desktop A should be exclusively used for the compliance suite.
Ideally, Desktop A would never connect to the internet for any purpose other than operating the compliance suite. It would be stored in a secure location and accessed only by approved compliance users. It should never be connected to a printer or an external media device such as a USB drive.
Why? Because every time you surf the internet, install an app, open an email or click on a link, you can potentially compromise the security of Desktop A (even if it is running antivirus software). Desktop A could become infected with malware, or the keys for the compliance suite could become compromised. For these reasons, it is advisable to control access to, and limit use of, Desktop A.
The designated compliance user should always be using multiple forms of MFA for their account. Additionally, the desktop/server/laptop that is running the compliance suite should have strong OS-level disk encryption (popular operating systems such as macOS and Windows 10 offer this by default).
For questions or assistance in securing/selecting a device for the compliance suite, please contact us.