IT / ITSEC Policy Index¶
This index lists the Cloudnaut IT and information security policy library by control area. Each entry points to the governing document.
| Control area | Policy document |
|---|---|
| Brand, logo, and design language | Brand and design language |
| Certifications and attestations | Security Certifications and Attestations |
| Security awareness and training | Information Security Training Policy |
| Security awareness training (deliverable / PDF source) | Information security awareness training |
| Personnel screening | Background Verification Policy |
| Secure development and delivery | Secure Software Development Lifecycle Policy |
| Data classification and handling | Data Handling Policy |
| Endpoint hardening, encryption, anti-malware, host firewall | Endpoint Security Policy |
| Operating system patching | Patch Management Policy |
| Development tools, IDEs, plugins, repository isolation | Approved Development Tools and Plugin Policy |
| Customer code and infrastructure-as-code deliverables | Customer Deliverable Development and Review Policy |
| Code and dependency security scanning | Code Security Scanning Policy |
| Engagement and customer access separation | Engagement Access Isolation Policy |
| Security-related services and governance role boundaries | Engagement Role Boundaries and Security Governance Policy |