Policies

Password Requirements Password Composition Minimum Length: All passwords must be at least 12 characters long. Longer passwords (16+ characters) are strongly encouraged. Character Requirements: Passwords must include at least: One uppercase letter (A-Z) One lowercase letter (a-z) One numeric digit (0-9) One special character (e.g., !@#$%^&*()_+-=[]{}|;:’",.<>/?`~) Complexity Enforcement: Password creation systems must validate these requirements in real-time and provide feedback to users. Dictionary Word Prevention: Passwords cannot consist solely of common dictionary words, regardless of character substitutions....

Acceptable Use Policy Overview This Acceptable Use Policy (“AUP”) establishes clear rules and guidelines for the responsible, secure, and ethical use of company-owned or managed systems, devices, accounts, and data resources. Adherence to this policy helps safeguard organizational assets and maintain compliance with all applicable laws and regulations. Scope This policy applies to all employees, contractors, interns, consultants, temporary staff, and third-party users who access or interact with any company technology resources, whether on-premises or remotely....

Access Provisioning and Deprovisioning Policy Overview This policy establishes the requirements and processes for securely granting, modifying, and revoking access to company systems, applications, and data—for all identities, both human and non-human (e.g., API accounts, service accounts, bots). Its goal is to minimize unauthorized access risk, support compliance, and ensure all access is appropriate for the assigned purpose. Scope This policy applies to all information systems, applications, data, and resources owned, managed, or controlled by the company....

Data Protection and Classification Policy Overview This policy establishes standards for identifying, classifying, and safeguarding all company data—whether accessed by human users or non-human identities such as bots, APIs, and service accounts—throughout its lifecycle. The objective is to ensure data confidentiality, integrity, availability, and compliance with legal and regulatory obligations. Scope This policy applies to all data created, stored, processed, or transmitted by the company, including data handled by third-party service providers....

Device Security Policy Overview This Device Security Policy sets the minimum security requirements for all devices—whether assigned to human users or operated by non-human identities (such as bots, APIs, or automated systems)—that access company systems, networks, or data. The policy aims to protect organizational resources against loss, theft, or compromise, and to support regulatory and business requirements. Scope This policy applies to all company-owned, personally owned (BYOD), or third-party devices used to access company systems or data, including but not limited to laptops, desktops, smartphones, tablets, servers, IoT devices, and devices used by non-human identities (e....

Least Privilege and Role-Based Access Control (RBAC) Policy Overview This policy enforces the principle of least privilege and establishes role-based access control (RBAC) standards for all identities—human and non-human—across company systems, applications, and data. Its objective is to minimize risk, reduce the attack surface, and ensure that each identity is granted only the minimum access required for their legitimate business function. Scope This policy applies to all users (employees, contractors, third parties) and non-human identities (service accounts, APIs, automation bots, application integrations, etc....