Partner Security Policy

This security policy outlines the measures taken by XDevPod to protect its information assets and systems, ensuring a secure environment for its users.

Scope: This policy applies to all XDevPod personnel, including contractors, and all activities related to the use, handling, management, or control of XDevPod's information assets and systems.

Key Security Measures:

  • Access Control: Access to information assets and systems is managed based on the principle of least privilege and need-to-know. Unique, strong credentials (complex passwords, biometrics, or tokens) are required for all personnel.

  • Human Resources Security: Prior to employment, all personnel undergo background verification checks. A security awareness and training program is in place, with defined metrics to measure its success.

  • Information Management: Information is classified and handled according to defined policies and procedures, including an information classification and handling policy and a data stewardship and governance policy.

  • Information Assets: All information assets are identified, recorded, and routinely assessed in an information asset register. Each asset has a defined owner and classification label.

  • Cryptography and Encryption: XDevPod utilizes industry-standard strong encryption and cryptography to protect information assets and systems. All authentication and authorization communications are encrypted, and personally identifiable information is protected both at rest and in transit.

  • Operations: Operational processes are regularly reviewed to ensure adherence to information security best practices. Change management processes include verification of information security controls. Networked assets are continuously monitored for threats.

  • Communications: Information assets are protected during transit using encryption and cryptographic controls in accordance with the information classification and handling policy.

  • System Acquisition and Development: XDevPod employs a defined Systems Development Lifecycle (SDLC) that integrates information security practices into each phase of system acquisition and development.

  • Supplier and Third-Party Relationships: Suppliers and third-party entities are regularly assessed and reviewed for their information security practices to ensure alignment with XDevPod's standards.

  • Incident Management: Measures are in place to identify, alert on, and manage information security incidents. Suspected or actual incidents are reported to a designated information security manager, and procedures are followed for triaging, addressing, reducing, and recovering from incidents.

  • Business Continuity and Disaster Recovery: Information security controls are defined and maintained for systems critical to business continuity and disaster recovery plans, ensuring continued operation in the event of severe incidents.

  • Compliance: Information assets and systems are routinely audited to confirm compliance with XDevPod's internal standards, as well as relevant regulatory, legislative, and contractual requirements.

  • Remote Access and Teleworking: Robust information security controls are implemented for remote access and teleworking arrangements, commensurate with the criticality of the accessed information assets and systems.