# Internal security procedures

| CONTROL                                                                                                                                                                                                                                                                                                                           | STATUS |
| --------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | ------ |
| <p><strong>Continuity and Disaster Recovery plans established</strong></p><p>The company has Business Continuity and Disaster Recovery Plans in place that outline communication plans in order to maintain information security continuity in the event of the unavailability of key personnel.</p>                              | ✅      |
| <p><strong>Configuration management system established</strong></p><p>The company has a configuration management procedure in place to ensure that system configurations are deployed consistently throughout the environment.</p>                                                                                                | ✅      |
| <p><strong>Development lifecycle established</strong></p><p>The company has a formal systems development life cycle (SDLC) methodology in place that governs the development, acquisition, implementation, changes (including emergency changes), and maintenance of information systems and related technology requirements.</p> | ✅      |
| <p><strong>Management roles and responsibilities defined</strong></p><p>The company management has established defined roles and responsibilities to oversee the design and implementation of information security controls.</p>                                                                                                  | ✅      |
| <p><strong>Incident response policies established</strong></p><p>The company has security and privacy incident response policies and procedures that are documented and communicated to authorized users.</p>                                                                                                                     | ✅      |
| <p><strong>Physical access processes established</strong></p><p>The company has processes in place for granting, changing, and terminating physical access to company data centers based on an authorization from control owners.</p>                                                                                             | ✅      |
| <p><strong>Data center access reviewed</strong></p><p>The company reviews access to the data centers at least annually.</p>                                                                                                                                                                                                       | ✅      |
| <p><strong>Risk management program established</strong></p><p>The company has a documented risk management program in place that includes guidance on the identification of potential threats, rating the significance of the risks associated with the identified threats, and mitigation strategies for those risks.</p>        | ✅      |


---

# Agent Instructions: Querying This Documentation

If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.

Perform an HTTP GET request on the current page URL with the `ask` query parameter:

```
GET https://help.scribe-mail.com/scribe/security/what-scribe-does-concerning-security/internal-security-procedures.md?ask=<question>
```

The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.

Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.