GeneralBots/botserver
2
1
Fork 0
Code Issues Pull requests 1 Projects Releases 323 Packages Wiki Activity Actions
botserver/SECURITY.md
Rodrigo Rodriguez (Pragmatismo) 6d75b4997b fix: update URLs and email addresses to reflect new domain
2025-04-15 12:49:05 -03:00

61 lines
3 KiB
Markdown
Raw Blame History

This file contains ambiguous Unicode characters

This file contains Unicode characters that might be confused with other characters. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.

# General Bots Security Policy
## Overview
Request your free IT security evaluation
• Reduce the risk of IT problems
• Plan for problems and deal with them when they happen
• Keep working if something does go wrong
• Protect company, client and employee data
• Keep valuable company information, such as plans and designs, secret
• Meet our legal obligations under the General Data Protection Regulation and other laws
• Meet our professional obligations towards our clients and customers
This IT security policy helps us:
• Rodrigo Rodriguez is the director with overall responsibility for IT security strategy.
• Microsoft is the IT partner organisation we use to help with our planning and support.
• Microsoft is the data protection officer to advise on data protection laws and best practices
Review process
We will review this policy yearly.
In the meantime, if you have any questions, suggestions
or feedback, please contact security@pragmatismo.com.br
We will only classify information which is necessary for the completion of our duties. We will also limit
access to personal data to only those that need it for processing. We classify information into different
categories so that we can ensure that it is protected properly and that we allocate security resources
appropriately:
• Unclassified. This is information that can be made public without any implications for the company,
such as information that is already in the public domain.
• Employee confidential. This includes information such as medical records, pay and so on.
• Company confidential. Such as contracts, source code, business plans, passwords for critical IT
systems, client contact records, accounts etc.
• Client confidential. This includes personally identifiable information such as name or address,
passwords to client systems, client business plans, new product information, market sensitive
information etc.
Employees joining and leaving
We will provide training to new staff and support for existing staff to implement this policy. This includes:
• An initial introduction to IT security, covering the risks, basic security measures, company policies
and where to get help
• Each employee will complete the National Archives Responsible for Information training course
(approximately 75 minutes)
• Training on how to use company systems and security software properly
• On request, a security health check on their computer, tablet or phone
When people leave a project or leave the company, we will promptly revoke their access privileges to
The company will ensure the data protection office is given all appropriate resources to carry out their
tasks and maintain their expert knowledge.
The Data Protection Officer reports directly to the highest level of management and must not carry out
any other tasks that could result in a conflict of interest.
## Reporting a Vulnerability
You can expect to get an update on a reported vulnerability in a day or two.
security@pragmatismo.com.br
Reference in a new issue View git blame Copy permalink