From f2feb6c13f4770080d3ea8f73174b9936e0f4673 Mon Sep 17 00:00:00 2001 From: Charles Cook <70321811+piemets@users.noreply.github.com> Date: Fri, 21 May 2021 17:24:45 +0100 Subject: [PATCH] Updated Security page in handbook (#1386) Added a bunch of links to our various SOC 2 policies on the Security page --- contents/handbook/company/security.md | 39 ++++++++++++++++++--------- 1 file changed, 26 insertions(+), 13 deletions(-) diff --git a/contents/handbook/company/security.md b/contents/handbook/company/security.md index afb4454b10fe..5556251ea07a 100644 --- a/contents/handbook/company/security.md +++ b/contents/handbook/company/security.md
@@ -6,16 +6,29 @@ showTitle: true It is critical that everyone in the PostHog team follows these guidelines. We take people not following these rules very seriously - it can put the entire company and all of our users at risk if you do not. -## Password managers - -You **must** make use of a password manager; it simply isn't possible to use appropriate passwords securely without one. - -PostHog uses [1password](https://1password.com/) for storing all passwords. - -## Password strength - -Please use strong passwords for everything. Use the 1password password generator that comes with the app in all cases. Do not repeat passwords across different sites. - -## Two-factor authentication - -You should enable two-factor authentication for any account where the option is available, especially those which are core to your work. +## Security policies + +We are in the process of obtaining our SOC 2 certification, which has required us to put together a number of (short!) policies to ensure compliance. You will have been invited to Drata to review these and to complete security training as part of your onboarding. + +All of our policies can be found in our Drata portal, so this section of the Handbook just serves to make these policies publicly available in case you need to refer back quickly, or if a customer asks. These are only linked as PDFs so we only need to keep the policies up to date in Drata. 
+ +- [Acceptable Use Policy](https://drive.google.com/file/d/1rZknmogF7B3KVxWqOAl278bUckWDv92v/view?usp=sharing) +- [Asset Management Policy](https://drive.google.com/file/d/14Z3Isvffwg7Y8X_ZHMvp_7gdvDujAwRe/view?usp=sharing) +- [Backup Policy](https://drive.google.com/file/d/19fKnj20U48rmkDPpes2wA_hK7hYH45aP/view?usp=sharing) +- [Business Continuity Plan](https://drive.google.com/file/d/1sJWpNr9U2aONrKOJyrbgKqxDi-h8Z3hx/view?usp=sharing) +- [Code of Conduct](https://drive.google.com/file/d/1qVtkxDBmKCMFUX3cgichKEsW0IylliQG/view?usp=sharing) +- [Data Classification Policy](https://drive.google.com/file/d/1VFoba8mrDiTHo0A0po1hLWWZ5gsfTSM6/view?usp=sharing) +- [Data Deletion Policy](https://drive.google.com/file/d/1FBNFBC0lZHi6VE1z-PYjlYHzERIkKBmX/view?usp=sharing) +- [Data Protection Policy](https://drive.google.com/file/d/1C-P0QxxaayEHgOdoUEiSvwY_VwriaFHo/view?usp=sharing) +- [Disaster Recovery Plan](https://drive.google.com/file/d/1VGOGvRE22NDsN0SV32ZtG27gNLJWVqbN/view?usp=sharing) +- [Encryption Policy](https://drive.google.com/file/d/1mX9s8gRRpOs7UpdZ48KGyCErL8a3DfZD/view?usp=sharing) +- [Incident Response Plan](https://drive.google.com/file/d/1Dnj_gELBJTMlqTagGs3Mv8JWMbaLXM54/view?usp=sharing) +- [Information Security Policy](https://drive.google.com/file/d/1Z2S-yl0jBPLVdl_0Qwc5kyIF3Dj3ypTp/view?usp=sharing) +- [Password Policy](https://drive.google.com/file/d/1Z2S-yl0jBPLVdl_0Qwc5kyIF3Dj3ypTp/view?usp=sharing) +- [Physical Security Policy](https://drive.google.com/file/d/17JkSfMC7ILuAm3YjZRCTB7i8eWLtkuN3/view?usp=sharing) +- [Responsible Disclosure Policy](https://drive.google.com/file/d/1ag8F2OA3FYUwRRAGbzMrDw1XV1QoqhNg/view?usp=sharing) +- [Risk Assessment Policy](https://drive.google.com/file/d/1mnqKDqZTjOI4EJhpbpbjcVmLzCMhZDki/view?usp=sharing) +- [Software Development Lifecycle Policy](https://drive.google.com/file/d/1FU8quDWJi66bJnAKc-9ZPPfL7Skp07n9/view?usp=sharing) +- [System Access Control 
Policy](https://drive.google.com/file/d/1jxiy9OpS4aCllDQJk88emnihWKUv6Uyq/view?usp=sharing) +- [Vendor Management Policy](https://drive.google.com/file/d/1AQxJ9k4V6kXzECdyS2Fn5h-BcXrgQQDi/view?usp=sharing) +- [Vulnerability Management Policy](https://drive.google.com/file/d/1bUxuBvTCAzMasG39ShtfnUjRm_2gM1Q3/view?usp=sharing)
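Review bot: the "Information Security Policy" and "Password Policy" entries in the new list point at the same Drive file (`1Z2S-yl0jBPLVdl_0Qwc5kyIF3Dj3ypTp`), which looks like a copy-paste slip; one of the two links should be corrected to its own PDF before merging, otherwise readers following the Password Policy link will land on the wrong document. Two smaller points on the same hunk: the removed "Password managers", "Password strength" and "Two-factor authentication" sections were the only concrete, immediately actionable guidance on this page (use 1password, generate unique passwords, enable 2FA everywhere), and the replacement text only says the policies live in Drata, so consider keeping a one-line summary of those three rules next to the Password Policy link so the public page is not purely a list of PDFs. Also, the new paragraph states the PDFs are linked "so we only need to keep the policies up to date in Drata", but Drive exports are static snapshots rather than live views of Drata, so someone should own re-exporting them when a policy changes, and since the page says these are meant to be "publicly available", it is worth confirming the `usp=sharing` links are deliberately set to anyone-with-the-link rather than restricted to the Google Workspace domain.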