<This is both our model simplified security policy but is also the one used for our site>
Product Security Group establishes this security policy to protect employees, our company, and our customers.
It is important to know:
All employees, contractors, visitors, and vendors are responsible for following this policy.
Violations of this policy may be subject to actions in our Sanctions standard.
To send questions about this policy to the security team.
Company's Security Goals
C1 - To maintain a standards-based program to manage security.
C2 - Strive to build only secure applications.
C3 - Strive to deploy and operate secure systems and networks.
C4 - Strive to ensure everyone has the ability to work in the case of a disaster.
Everyone's Security Goals
E1 - To complete security training at least once a year.
E2 - To handle all data according to our standards.
E3 - To use the company's assets according to our acceptable use standards.
E4 - To ensure a secure and safe work environment.
E5 - To help us meet all our legal, compliance, contractual, and regulatory requirements.
E6 - To report insecure or suspicious activity to the security team.
E7 - To maintain the privacy of the information they may use.
E8 - To report risks to the security team who will manage them.
E9 - To undergo background screening before starting employment at the company.
E10 - To use only approved methods to access company assets.
E11 - To have all new technology or services reviewed by the security team.
E12 - To use their own device for business purposes as long as they follow our standards.
E13 - To read and attest to the security policies every year.
Exception Management
The security team's exception management process handles exceptions to this policy.