1
0
mirror of https://github.com/strongdm/comply synced 2024-11-14 20:04:53 +00:00
comply/themes/comply-soc2/policies/application.md

33 lines
907 B
Markdown
Raw Normal View History

2018-05-10 01:02:33 +00:00
name: Application Security Policy
acronym: ASP
satisfies:
TSC:
- CC6.2
majorRevisions:
- date: Jun 1 2018
comment: Initial document
---
# Overview
The Application Security Policy governs the use of applications deemed critical to {{.Name} Information Security.
# Critical Applications
The following applications are within the scope of this policy:
* GitHub
* Slack
* Google Apps
Applications supporting production data operations (specifically the AWS Console) are deliberately excluded from this policy.
# Data Sensitivity
Any company proprietary data may be stored within these *[Critical Applications]*.
Customer support activities must be conducted entirely within the *[Critical Applications]*.
# Other Applications
Other applications not listed in *[Critical Applications]* may include company proprietary data, but must not contain any customer support or customer-owned data.