Product Security Group establishes this security policy to protect employees, our company, and our
It is important to know:
- All employees, contractors, visitors, and vendors are responsible for following this policy.
- Violations of this policy may be subject to actions in our Sanctions standard.
- Questions about this policy should be sent to the security team.
Company's Security Goals
- To maintain a standards-based program to manage security.
- Strive to build only secure applications.
- Strive to deploy and operate secure systems and networks.
- Strive to ensure everyone has the ability to work in the case of a disaster.
Everyone's Security Goals
- To complete security training at least once a year.
- To handle all data according to our standards.
- To use the company's assets according to our acceptable use standards.
- To ensure a secure and safe work environment.
- To help us meet all our legal, compliance, contractual, and regulatory requirements.
- To report insecure or suspicious activity to the security team.
- To maintain the privacy of the information they may use.
- To report risks to the security team who will manage them.
- To undergo background screening before starting employment at the company.
- To use only approved methods to access company assets.
- To have all new technology or services reviewed by the security team.
- To use their own device for business purposes as long as they follow our standards.
- To read and attest to the security policies every year.
The security team's exception management process handles exceptions to this policy.
Appendix A: ISO 27001 Crosswalk/Mapping
| | ISO 27002 Control #s |
|---|---|
| P0 This policy | 6.1.1-6.1.5, 7.2.1, 7.2.3, 7.3.1, 12.7.1, 18.2.1-18.2.3 |
| E1 Awareness Training | |
| E2 Data Handling | 8.2.1, 8.2.2, 8.3.2, 8.3.3, 12.3.1, 13.2.1-13.2.4 |
| E3 Acceptable Use | |
| E4 Safe Work | 10.1.1, 18.1.1-18.1.3, 18.1.5 |
| C2 Secure Applications | 12.1.4, All 14 |
| C3 Secure systems | 10.1.2, 12.1.1-12.1.3, 12.2.1, 12.4.1-12.4.4, 12.6.1, 13.1.1-13.1.3 |
| E8 Risk Management | 8.1.1, 8.1.2, 8.1.4, 8.2.3, 8.3.1 |
| E9 Background Screening | |
| E11 Supply Chain | 12.5.1, 12.6.2, All 15 |
| | 6.2.2, All 17 |
| E13 Annual Review | |