comply/example/policies/application.md

name: Application Security Policy acronym: ASP satisfies: TSC: - CC6.2 majorRevisions:

• date: Jun 1 2018 comment: Initial document

---

Overview

The Application Security Policy governs the use of applications deemed critical to {{.Name} Information Security.

Critical Applications

The following applications are within the scope of this policy:

• GitHub
• Slack
• Google Apps

Applications supporting production data operations (specifically the AWS Console) are deliberately excluded from this policy.

Data Sensitivity

Any company proprietary data may be stored within these [Critical Applications].

Customer support activities must be conducted entirely within the [Critical Applications].

Other Applications

Other applications not listed in [Critical Applications] may include company proprietary data, but must not contain any customer support or customer-owned data.