The purpose of this security policy is to establish guidelines and procedures for ensuring the security of Starfish ETL (Starfish). The policy outlines the procedures to be followed in order to ensure the confidentiality, integrity, and availability of our customer’s information. The policy is designed to comply with all relevant laws and regulations and to ensure that all employees and contractors understand their responsibilities regarding security.
1. Access Control:
Access to the Starfish’s customers software and data is restricted to authorized personnel only. All employees are assigned unique login credentials, which is used to access the company's network and data. Passwords must meet minimum complexity requirements and be changed on a regular basis. Any unauthorized access attempts must be reported immediately to the security team.
2. Data Security:
Our company's data is protected by a combination of encryption, firewalls, intrusion detection and prevention systems, and other security measures. All data will be stored in an encrypted format, both at rest and in transit. Access to data is restricted based on the principle of least privilege, and only authorized personnel are granted access.
3. Network Security:
Starfish’s network is protected by a combination of firewalls, intrusion detection and prevention systems, and other security measures. All network traffic is monitored for signs of unauthorized access or suspicious activity. The network is segmented to limit the scope of any potential breach.
4. Incident Response:
In the event of a security breach or incident, the Starfish will follow established incident response procedures. The incident response team is responsible for containing the breach, identifying the cause, and taking corrective action. All incidents will be documented, investigated, and reported as required by law.
5. Employee Training:
All Starfish employees are trained on the company's security policies and procedures. The training will cover the importance of data security, the proper use of login credentials, and the reporting of security incidents. Employees will also be required to sign an acknowledgment indicating that they understand and agree to comply with the company's security policies.
6. Third Party Service Providers:
Third party service providers will be required to adhere to the company's security policies and procedures. All service providers will be thoroughly vetted before they are granted access to the company's network or data. The company will maintain oversight over all service providers to ensure that they are complying with the company's security policies.