Internal security procedures
CONTROL | STATUS |
Continuity and Disaster Recovery plans established The company has Business Continuity and Disaster Recovery Plans in place that outline communication plans in order to maintain information security continuity in the event of the unavailability of key personnel. | ✅ |
Configuration management system established The company has a configuration management procedure in place to ensure that system configurations are deployed consistently throughout the environment. | ✅ |
Development lifecycle established The company has a formal systems development life cycle (SDLC) methodology in place that governs the development, acquisition, implementation, changes (including emergency changes), and maintenance of information systems and related technology requirements. | ✅ |
Management roles and responsibilities defined The company management has established defined roles and responsibilities to oversee the design and implementation of information security controls. | ✅ |
Incident response policies established The company has security and privacy incident response policies and procedures that are documented and communicated to authorized users. | ✅ |
Physical access processes established The company has processes in place for granting, changing, and terminating physical access to company data centers based on an authorization from control owners. | ✅ |
Data center access reviewed The company reviews access to the data centers at least annually. | ✅ |
Risk management program established The company has a documented risk management program in place that includes guidance on the identification of potential threats, rating the significance of the risks associated with the identified threats, and mitigation strategies for those risks. | ✅ |
Last updated