Cloudnaut IT and Information Security Policy Library¶
This library is the authoritative internal collection for IT and information security policies, standards, and supporting records used across Cloudnaut operations.
Policies are maintained under formal review, versioned, and published for consistent use in customer engagements, vendor assurance, onboarding, and internal governance.
This site is the policy library (narrative controls and standards). Certification and attestation evidence—for example certificate cover pages with scope and dates—is maintained in the internal register and supplied under confidentiality when reviewers require it; see Security Certifications and Attestations.
Document control¶
| Role | Name |
|---|---|
| Prepared by | Management / Security Owner (Cloudnaut) |
| Reviewed by | Nidhi Jain (third-party reviewer) |
| Approved by | Sandeep AC |
Revision history (library)¶
| Date | Summary | Reviewed by | Approved by |
|---|---|---|---|
| 2021-06-18 | Policy library go-live; linked documents versioned individually. | Nidhi Jain (third party) | Sandeep AC |
| 2024-03-11 | Annual review of landing content and navigation. | Nidhi Jain (third party) | Sandeep AC |
| 2026-05-14 | Clarified distinction between published policies and certification evidence. | Nidhi Jain (third party) | Sandeep AC |
Brand and design language¶
Company naming, logo usage, and the Logo Philosophy PDF are summarized on the Brand and design language page.
Training¶
- Information security awareness training — annual awareness module (suitable for PDF export); see also the training policy.
Policies¶
- Security Certifications and Attestations
- Information Security Training Policy
- Background Verification Policy
- Secure Software Development Lifecycle Policy
- Data Handling Policy
- Endpoint Security Policy
- Patch Management Policy
- Approved Development Tools and Plugin Policy
- Customer Deliverable Development and Review Policy
- Code Security Scanning Policy
- Engagement Access Isolation Policy
- Engagement Role Boundaries and Security Governance Policy
Index¶
- Policy index — quick reference by control area
Use and distribution¶
These documents are intended for internal use and controlled external sharing where contractually permitted. Customer-specific obligations, confidentiality terms, and evidence requests supersede general statements in this library when they impose stricter requirements.