1
0
mirror of https://github.com/strongdm/comply synced 2024-11-17 05:14:55 +00:00
comply/themes/comply-soc2/policies/application.md
2018-05-11 13:25:46 -07:00

907 B

name: Application Security Policy acronym: ASP satisfies: TSC: - CC6.2 majorRevisions:

  • date: Jun 1 2018 comment: Initial document

Overview

The Application Security Policy governs the use of applications deemed critical to {{.Name} Information Security.

Critical Applications

The following applications are within the scope of this policy:

  • GitHub
  • Slack
  • Google Apps

Applications supporting production data operations (specifically the AWS Console) are deliberately excluded from this policy.

Data Sensitivity

Any company proprietary data may be stored within these [Critical Applications].

Customer support activities must be conducted entirely within the [Critical Applications].

Other Applications

Other applications not listed in [Critical Applications] may include company proprietary data, but must not contain any customer support or customer-owned data.