mirror of
https://github.com/strongdm/comply
synced 2024-11-09 01:14:53 +00:00
33 lines
907 B
Markdown
33 lines
907 B
Markdown
|
name: Application Security Policy
|
||
|
acronym: ASP
|
||
|
satisfies:
|
||
|
TSC:
|
||
|
- CC6.2
|
||
|
majorRevisions:
|
||
|
- date: Jun 1 2018
|
||
|
comment: Initial document
|
||
|
---
|
||
|
|
||
|
# Overview
|
||
|
|
||
|
The Application Security Policy governs the use of applications deemed critical to {{.Name} Information Security.
|
||
|
|
||
|
# Critical Applications
|
||
|
|
||
|
The following applications are within the scope of this policy:
|
||
|
|
||
|
* GitHub
|
||
|
* Slack
|
||
|
* Google Apps
|
||
|
|
||
|
Applications supporting production data operations (specifically the AWS Console) are deliberately excluded from this policy.
|
||
|
|
||
|
# Data Sensitivity
|
||
|
|
||
|
Any company proprietary data may be stored within these *[Critical Applications]*.
|
||
|
|
||
|
Customer support activities must be conducted entirely within the *[Critical Applications]*.
|
||
|
|
||
|
# Other Applications
|
||
|
|
||
|
Other applications not listed in *[Critical Applications]* may include company proprietary data, but must not contain any customer support or customer-owned data.
|