Using Lucidchart and Lucidpress

Government staff are responsible for checking the applications they use are secure. This guidance will help you use Lucidchart and Lucidpress securely.

Lucidpress is a web-based drag and drop publishing and page layout application for creating print or digital content. Lucidchart is a web-based diagramming tool similar to Microsoft Visio.

Securing your account

Secure your account by using:

You can also ask your IT team to set up single sign-on.

Tell your Slack administrator if you:

Privacy

Don’t use Lucid apps to store sensitive, personal, or other high-value data, like commercial or financial information, that could cause harm if lost or exposed.

Content can be disclosed publicly under the Freedom of Information Act. All content in paid accounts can be retrieved by administrators.

Data is hosted in the US by Amazon Web Services and Lucid and may be subject to non-EU/UK laws and legislation.

Manage document permissions carefully to ensure only those who need access can see them.

Lucid don’t currently offer data protection under European law such as the EU-US Privacy Shield. You own the data you put in Lucid, and their technical security is similar to other popular public cloud services. However, they reserve the right to review documents to help resolve problems or to ensure compliance with their terms of service, so you should not consider documents private.

If you cancel your account, you should delete your data first or it may remain on Lucid servers.

Information management

Record or summarise important work information in a permanent record at regular intervals or at the end of a piece of work.

Use your document storage or email service to capture important discussions or decisions, and name the data so it can be found later, as there is no content search within documents.

Download copies of your completed documents in PDF, PNG, or VDX.

Using Lucid apps

Only registered Team users are able to create and edit documents, but free accounts can create public documents and view documents that people have shared with them.

Support

Your internal IT team may not support Lucid apps unless you have agreed that with them. There is a support site and status updates on Twitter, but no service level agreement unless you have a paid account.

Like all cloud services, the product could change over time. New features are added or may be withdrawn. We have little control over this beyond the feature request process. Registered users can participate in the process to help guide development.

Administrator configuration

Administrators should connect to an existing identity and access management service (if you are using a paid account). If this is not available, regularly review and remove people who have left or no longer need access. Alternatively, if you use G Suite, you can require your users to authenticate via that.

If not using single sign-on, administrators should set a strong password policy but not require users to reset passwords frequently.

Administrators should also manage roles and access appropriately, limiting the number of people with administrator access. Separate administrator accounts from the general user accounts of administrators.

To keep license numbers down, you can periodically revoke all user licenses. This reverts accounts to the free tier without deleting data. When a user next logs in, they can click to switch back to a paid account. If users leave, take control of their account and reassign, archive, or delete their data.

Allow users to connect Lucidchart and Lucidpress to Google Drive if it is used in your organisation, as it only requires permissions to files created in Lucid applications, not the entire Drive.

Consider a paid Enterprise account to prevent unmonitored use, manage document access, integrate into your existing single sign on service, and retain documents when people leave.