From d61d9d79bef287ba78af4fd4422b9645f639cb65 Mon Sep 17 00:00:00 2001 From: Guillaume Ross Date: Thu, 5 May 2022 14:06:05 -0400 Subject: [PATCH] Adding risk management policy (#5484) --- handbook/security-policies.md | 17 ++++++++++++++++- 1 file changed, 16 insertions(+), 1 deletion(-) diff --git a/handbook/security-policies.md b/handbook/security-policies.md index faeb15393..81c634200 100644 --- a/handbook/security-policies.md +++ b/handbook/security-policies.md @@ -43,6 +43,22 @@ Fleet requires all workforce members to comply with the following acceptable use 13. The use of Fleet company accounts on "shared" computers, such as hotel kiosk systems, is strictly prohibited. +### Risk management policy +*Created from [JupiterOne/security-policy-templates](https://github.com/JupiterOne/security-policy-templates). [CC BY-SA 4 license](https://creativecommons.org/licenses/by-sa/4.0/)* + +| Policy owner | Effective date | +| -------------- | -------------- | +| @GuillaumeRoss | 2022-06-01 | + +Fleet policy requires that: + +1. A thorough risk assessment must be conducted to evaluate potential threats and vulnerabilities to the confidentiality, integrity, and availability of sensitive, confidential and proprietary electronic information Fleet stores, transmits, and/or processes. + +2. Risk assessments must be performed with any major change to Fleet's business or technical operations and/or supporting infrastructure, no less than once per year. + +3. Strategies shall be developed to mitigate or accept the risks identified in the risk assessment process. + + ### Secure software development and product security policy *Created from [JupiterOne/security-policy-templates](https://github.com/JupiterOne/security-policy-templates). [CC BY-SA 4 license](https://creativecommons.org/licenses/by-sa/4.0/)* @@ -201,5 +217,4 @@ Fleet policy requires that: 2. use of high privilege accounts must only be performed when absolutely necessary. -
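Review bot: In the `@@ -43,6 +43,22 @@` hunk, item 2 of the new risk management policy is ambiguous about its two triggers: "with any major change to Fleet's business or technical operations and/or supporting infrastructure, no less than once per year" can be read as a single condition instead of "on every major change" plus "at least annually". Suggest wording such as "Risk assessments must be performed at least once per year, and whenever there is a major change to ...". Item 3 uses "shall" where items 1 and 2 use "must"; pick one verb for all three. The added text also does not say who performs the assessment or where the mitigate-or-accept decisions from item 3 are recorded, which makes the annual requirement hard to verify later; consider naming the responsible role and the place the results are kept. Minor: the hunk ends with two added blank lines before the next `###` heading, where one is enough.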
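Review bot: In the `@@ -201,5 +217,4 @@` hunk, the only change is a removed blank line after item 2 ("use of high privilege accounts must only be performed when absolutely necessary."), which is unrelated to the risk management policy named in the subject. It is harmless, but either mention the whitespace cleanup in the commit message or move it to a separate commit so the policy change stays easy to audit in history.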