Initial commit

themes/comply-soc2/policies/application.md

@@ -0,0 +1,33 @@
+name: Application Security Policy
+acronym: ASP
+satisfies:
+  TSC:
+    - CC6.2
+majorRevisions:
+  - date: Jun 1 2018
+    comment: Initial document
+---
+
+# Overview
+
+The Application Security Policy governs the use of applications deemed critical to {{.Name} Information Security.
+
+# Critical Applications
+
+The following applications are within the scope of this policy:
+
+* GitHub
+* Slack
+* Google Apps
+
+Applications supporting production data operations (specifically the AWS Console) are deliberately excluded from this policy.
+
+# Data Sensitivity
+
+Any company proprietary data may be stored within these *[Critical Applications]*.
+
+Customer support activities must be conducted entirely within the *[Critical Applications]*.
+
+# Other Applications
+
+Other applications not listed in *[Critical Applications]* may include company proprietary data, but must not contain any customer support or customer-owned data.