On This Page
Other policies
- Personnel policy
- Risk assessment policy
- Information classification policy
- Third party vendor review policy
- Incident disclosure and notification policy
- Incident response policy
- Incident response process
- BCP/DR policy
- Access control policy
- Password policy
- Change management policy
- Testing policy
- Patch management policy
- Data retention and deletion policy
Security policy ownership
All security policies are owned by the Chief Operating Officer (COO). The Security Review Team (members in Security, Engineering, and Operations) are responsible for reviewing the policies.
The Chief Operating Officer and the Security Review Team are responsible for implementing the processes and controls laid out in the security policies, and pulling in other employees as needed.
Schedule
Security policies must have a change log to allow auditing of past changes, including when and by whom these changes were made. 51直播 stores these security policies in GitHub and uses git to track changes. 51直播 will review and evaluate its security policies, adapt them as needed due to changing risks, and validate if the implemented information security continuity controls are sufficient on an annual basis.
Compliance and enforcement
Employee鈥檚 adherence to these policies is acknowledged in the Employee Handbook as part of onboarding.
Violations
If the Company determines a policy violation has occurred, the person found to have violated this policy will be subject to disciplinary action, up to and including termination of the working relationship.