using-cloud

Using HipChat securely

Government staff are responsible for checking the applications they use are secure. This guidance will help you use HipChat to communicate securely with colleagues.

HipChat is a cloud application for internal chat and messaging, either 1-to-1 or in a group. You can also use it to store files, make video calls, and search message history.

Securing your account

Secure your HipChat account by using:

• a password made up of 3 random words
• a secure (HTTPS) connection and a modern browser or a HipChat client app

If you have a corporate Google (G Suite) account use this to log in to HipChat, and enable two factor authentication on that account.

Tell your HipChat administrator if you:

• think someone may have accessed your account
• lose a device that can access your HipChat account (you should also reset your password)

You can also deactivate your account to prevent anyone from accessing it. Your administrator can reactivate your account later.

Protecting your data

To protect your data when using HipChat, make sure you:

• don't use HipChat to store sensitive, personal, or other high value data (like commercial or financial information) that could cause harm or embarrassment if lost or exposed
• use 1-to-1 chats when you need to control access
• restrict your HipChat account t o your domain if appropriate

Preserve an open working culture by only using private channels when absolutely necessary.

When using HipChat, you should also be aware that content, including archived or private content, can be:

• disclosed publicly under the Freedom of Information Act
• exported and viewed by administrators in paid HipChat accounts, including private rooms, but not 1-to-1 chats
• accessed on request by your administrator if not included in the export above, including 1-to-1 chats.
• subject to legal requests to share data by courts, government agencies, or parties involved in litigation in the US

Using HipChat for social or personal use must:

• not create exposure to legal liability or embarrassment
• not affect your performance or disrupt others
• follow the Civil Service Code

Images or files in HipChat can be accessed by anyone with the link, even if they can't access the room or chat it was posted to.

Atlassian - the company that runs HipCHat - have signed up to the EU-US Privacy Shield which requires them to follow European data protection requirements for personal data for their European customers. You own the data you put in HipChat, and their technical security is similar to other popular public cloud services.

Managing information

You must record or summarise important work in a permanent record at regular intervals or at the end of a piece of work.

Make sure you don't lose content by:

• creating a permanent record of shared information at regular intervals or at the end of a piece of work
• using your document storage or email service to capture important discussions or decisions (name the data so it can be found later)

You can export data from HipChat by:

• copying and pasting the text (while noting the date)
• taking a screenshot
• asking your administrator for an export

Getting started

Ensure your account looks official and similar to other government HipChat accounts by:

• setting your @mention name to FirstLastORGANISATION (for example AlexBlackMOJ)
• use a recognisable profile photo
• add your role to the Job title section

You can alert others to content you have shared on HipChat by typing @all or @here. This can trigger notifications on their computer or phone. You can read the HipChat guidance on ' Making an announcement' to understand how these alerts working the meaning of these alerts.

Getting help

For help using HipChat, you can:

• use their getting started guide
• find your administrators at: https://yourdomain. hipchat.com/people

HipChat offer support through a:

• support page
• status page

You may also get help from your internal IT team if they have agreed to do it.