name: Application Security Policy
acronym: ASP
satisfies:
  TSC:
    - CC6.2
majorRevisions:
  - date: Jun 1 2018
    comment: Initial document
---

# Overview

The Application Security Policy governs the use of applications deemed critical to {{.Name} Information Security.

# Critical Applications

The following applications are within the scope of this policy:

* GitHub
* Slack
* Google Apps

Applications supporting production data operations (specifically the AWS Console) are deliberately excluded from this policy.

# Data Sensitivity

Any company proprietary data may be stored within these *[Critical Applications]*.

Customer support activities must be conducted entirely within the *[Critical Applications]*.

# Other Applications

Other applications not listed in *[Critical Applications]* may include company proprietary data, but must not contain any customer support or customer-owned data.