Updated Security page in handbook (PostHog#1386)
Added a bunch of links to our various SOC 2 policies on the Security page
charlescook-ph authored May 21, 2021
1 parent c1e30e7 commit f2feb6c
Showing 1 changed file with 26 additions and 13 deletions.
39 changes: 26 additions & 13 deletions contents/handbook/company/security.md
Expand Up @@ -6,16 6,29 @@ showTitle: true

It is critical that everyone in the PostHog team follows these guidelines. We take people not following these rules very seriously - it can put the entire company and all of our users at risk if you do not.

## Password managers

You **must** make use of a password manager; it simply isn't possible to use appropriate passwords securely without one.

PostHog uses [1password](https://1password.com/) for storing all passwords.

## Password strength

Please use strong passwords for everything. Use the 1password password generator that comes with the app in all cases. Do not repeat passwords across different sites.

## Two-factor authentication

You should enable two-factor authentication for any account where the option is available, especially those which are core to your work.
## Security policies

We are in the process of obtaining our SOC 2 certification, which has required us to put together a number of (short!) policies to ensure compliance. You will have been invited to Drata to review these and to complete security training as part of your onboarding.

All of our policies can be found in our Drata portal, so this section of the Handbook just serves to make these policies publicly available in case you need to refer back quickly, or if a customer asks. These are only linked as PDFs so we only need to keep the policies up to date in Drata.

- [Acceptable Use Policy](https://drive.google.com/file/d/1rZknmogF7B3KVxWqOAl278bUckWDv92v/view?usp=sharing)
- [Asset Management Policy](https://drive.google.com/file/d/14Z3Isvffwg7Y8X_ZHMvp_7gdvDujAwRe/view?usp=sharing)
- [Backup Policy](https://drive.google.com/file/d/19fKnj20U48rmkDPpes2wA_hK7hYH45aP/view?usp=sharing)
- [Business Continuity Plan](https://drive.google.com/file/d/1sJWpNr9U2aONrKOJyrbgKqxDi-h8Z3hx/view?usp=sharing)
- [Code of Conduct](https://drive.google.com/file/d/1qVtkxDBmKCMFUX3cgichKEsW0IylliQG/view?usp=sharing)
- [Data Classification Policy](https://drive.google.com/file/d/1VFoba8mrDiTHo0A0po1hLWWZ5gsfTSM6/view?usp=sharing)
- [Data Deletion Policy](https://drive.google.com/file/d/1FBNFBC0lZHi6VE1z-PYjlYHzERIkKBmX/view?usp=sharing)
- [Data Protection Policy](https://drive.google.com/file/d/1C-P0QxxaayEHgOdoUEiSvwY_VwriaFHo/view?usp=sharing)
- [Disaster Recovery Plan](https://drive.google.com/file/d/1VGOGvRE22NDsN0SV32ZtG27gNLJWVqbN/view?usp=sharing)
- [Encryption Policy](https://drive.google.com/file/d/1mX9s8gRRpOs7UpdZ48KGyCErL8a3DfZD/view?usp=sharing)
- [Incident Response Plan](https://drive.google.com/file/d/1Dnj_gELBJTMlqTagGs3Mv8JWMbaLXM54/view?usp=sharing)
- [Information Security Policy](https://drive.google.com/file/d/1Z2S-yl0jBPLVdl_0Qwc5kyIF3Dj3ypTp/view?usp=sharing)
- [Password Policy](https://drive.google.com/file/d/1Z2S-yl0jBPLVdl_0Qwc5kyIF3Dj3ypTp/view?usp=sharing)
- [Physical Security Policy](https://drive.google.com/file/d/17JkSfMC7ILuAm3YjZRCTB7i8eWLtkuN3/view?usp=sharing)
- [Responsible Disclosure Policy](https://drive.google.com/file/d/1ag8F2OA3FYUwRRAGbzMrDw1XV1QoqhNg/view?usp=sharing)
- [Risk Assessment Policy](https://drive.google.com/file/d/1mnqKDqZTjOI4EJhpbpbjcVmLzCMhZDki/view?usp=sharing)
- [Software Development Lifecycle Policy](https://drive.google.com/file/d/1FU8quDWJi66bJnAKc-9ZPPfL7Skp07n9/view?usp=sharing)
- [System Access Control Policy](https://drive.google.com/file/d/1jxiy9OpS4aCllDQJk88emnihWKUv6Uyq/view?usp=sharing)
- [Vendor Management Policy](https://drive.google.com/file/d/1AQxJ9k4V6kXzECdyS2Fn5h-BcXrgQQDi/view?usp=sharing)
- [Vulnerability Management Policy](https://drive.google.com/file/d/1bUxuBvTCAzMasG39ShtfnUjRm_2gM1Q3/view?usp=sharing)
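
Review bot: The Password Policy entry in the policy list uses the same Google Drive file ID as the Information Security Policy entry directly above it (`1Z2S-yl0jBPLVdl_0Qwc5kyIF3Dj3ypTp`), so one of the two links most likely points at the wrong PDF. Please check which document that ID actually opens and replace the other URL with its own file ID. If the password manager, password strength and two-factor sections are being dropped in favour of the linked policies, a wrong Password Policy link would leave the handbook without that guidance, so it is worth confirming the link resolves before merging. The text also says the PDFs are linked so that only Drata needs updating; a short note on who re-exports these Drive copies when a policy changes in Drata would keep the public links from going stale.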
