📄
Content Library
  • Uncanny Software
  • Blog Posts
    • Using 1Password to share local secrets
    • How I Maintain OSS Projects
    • A Style Guide For HTML & CSS
    • The Reddit blackout is a lesson in risk management
  • Developer Documentation
    • Balena Push
    • Card Dealer
    • A Guide to Story Point Estimation
    • Guidelines for Translating Your Project using i18next
  • InfoSec Policies
    • Access Control Policy
    • Information Classification Policy
    • Password Management Policy
    • Physical Security Policy
    • Business Continuity Policy
    • Information Security Policy
    • Data Classification Standard
    • System Change Management Policy
    • Vendor Management Policy
    • Removable Media
    • Mobile Device Policy
    • Vulnerability Scanning Policy
    • Media Disposal Policy
    • System Hardening Policy
    • Encryption Policy
    • Intellectual Property Policy
  • Management
    • finops
    • information-technology
    • Operations
    • People Management
    • Program Scaling
Powered by GitBook
On this page
  • Purpose
  • Scope
  • Policy
  • Endpoint Protection
  • Production Data
  • Encryption Keys
  • Roles and Responsibilities
  • Violations
  • Definitions
  • References
  • Related Documents
  • Revision History
  1. InfoSec Policies

Encryption Policy

Purpose

The purpose of this policy is to outline the type of device that needs to be encrypted as well as when the encryption should be utilized.

Scope

This policy covers all endpoints capable of storing electronic data that is owned by Uncanny Software. It will also cover our general policy of all data must be encrypted At Rest and In Transit. This policy also covers the instances under which encryption should be utilized.

Policy

Endpoint Protection

Encryption should be used everytime Uncanny Software owned data is being transferred. Any transfer of Uncanny Software owned data must take place via an encrypted channel. Encryption is required for all laptops and workstations that are used to store Uncanny Software data. All Uncanny Software endpoint laptops shall have their hard drives encrypted with the latest available encryption tool provider by the OEM. There are no exceptions to hard drives being encrypted.

Production Data

  • At Rest - All data at rest, regardless of data classification, in our cloud provider shall be encrypted with a minimum of AES256 encryption. The cryptographic keys are to be managed by the GCP tool set and management key system.

  • In Transit - All data in transit, regardless of data classification, shall be encrypted by a minimum of TLS 1.2. Any web connections must be secured via https. No system within our technology stack may utilize unencrypted connections.

Encryption Keys

Uncanny Software encryption keys are stored and managed by Google’s Cloud Key Management system (KMS).

Roles and Responsibilities

Uncanny Software IT personnel will provide, install, and maintain encryption. Licenses are purchased by Uncanny Software and are assigned to all employees. IT configures all endpoints with required software which includes VPN.

Violations

Any violation of this policy may result in disciplinary action, up to and including termination of employment. Uncanny Software reserves the right to notify the appropriate law enforcement authorities of any unlawful activity and to cooperate in any investigation of such activity. Uncanny Software does not consider conduct in violation of this policy to be within an employee’s or partner’s course and scope of employment, or the direct consequence of the discharge of the employee’s or partner’s duties. Accordingly, to the extent permitted by law, Uncanny Software reserves the right not to defend or pay any damages awarded against employees or partners that result from violation of this policy.

Any employee or partner who is requested to undertake an activity which he or she believes is in violation of this policy, must provide a written or verbal complaint to his or her manager, any other manager or the Human Resources Department as soon as possible.

Definitions

  • Account (User ID or Username) – A unique string of characters assigned to a user by which a person is identified to a computer system or network. A user commonly must enter both a user ID and a password as an authentication mechanism during the logon process.

  • Confidential Information (Sensitive Information) – Any Uncanny Software information that is not publicly known and includes tangible and intangible information in all forms, such as information that is observed or orally delivered, or is in electronic form, or is written or in other tangible form. Confidential Information may include, but is not limited to, source code, product designs and plans, beta and benchmarking results, patent applications, production methods, product roadmaps, customer lists and information, prospect lists and information, promotional plans, competitive information, names, salaries, skills, positions, pre-public financial results, product costs, and pricing, and employee information and lists including organizational charts. Confidential Information also includes any confidential information received by Uncanny Software from a third party under a non-disclosure agreement.

  • Partner – Any non-employee of Uncanny Software who is contractually bound to provide some form of service to Uncanny Software.

  • Password – An arbitrary string of characters chosen by a user that is used to authenticate the user when he attempts to log on, in order to prevent unauthorized access to his account.

  • System Privileges – Advanced powers or authorities within a computer system, which are significantly greater than those available to the majority of users. Such persons will include, for example, the system administrator and network administrator who are responsible for keeping the system available and may need powers to create new user profiles as well as add to or amend the access rights of existing users.

  • User - Any Uncanny Software employee or partner who has been authorized to access any Uncanny Software electronic information resource.

References

No reference listed

Related Documents

No documents listed

Revision History

Last updated 1 year ago

Document history via Github