On This Page
Other policies
- Personnel policy
- Risk assessment policy
- Information classification policy
- Third party vendor review policy
- Incident response process
- Incident disclosure and notification policy
- Incident response policy
- BCP/DR policy
- Access control policy
- Password policy
- Change management policy
- Testing policy
- Patch management policy
- Data retention and deletion policy
Security policy ownership
All security policies are owned by the Chief Operating Officer (COO). The Security Review Team (members in Security, Engineering, and Operations) are responsible for reviewing the policies.
The Chief Operating Officer and the Security Review Team are responsible for implementing the processes and controls laid out in the security policies, and pulling in other employees as needed.
Schedule
The Chief Operating Officer is responsible for reviewing and updating security policies on a quarterly basis.