company_application_and_data_security
Differences
This shows you the differences between two versions of the page.
company_application_and_data_security [2019/11/24 17:31] – [Security Policies for LUCY staff] lucy | company_application_and_data_security [2019/11/24 18:02] – [Vulnerability management] lucy | ||
---|---|---|---|
Line 11: | Line 11: | ||
| Is a risk management process implemented dealing with the periodical identification, | | Is a risk management process implemented dealing with the periodical identification, | ||
| Is a periodic assessment conducted of how well the security policies and procedures are respected within the company? | partially | We have two roles DPO & CSRO (chief sec and risk officer). There' | | Is a periodic assessment conducted of how well the security policies and procedures are respected within the company? | partially | We have two roles DPO & CSRO (chief sec and risk officer). There' | ||
+ | | On what standards does LUCY perform Penetration tests? | Yes| OSSTMM https:// | ||
+ | |||
+ | |||
+ | |||
==== Allocation of information security responsibilities ==== | ==== Allocation of information security responsibilities ==== | ||
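Review bot: In the added penetration-test row, the Response cell reads "Yes" although the question asks which standards are used, so the response does not answer it. Either move the standard into the Response column or rephrase the question as a yes/no one. The row also departs from its neighbours in style: "Yes|" has no space before the separator and is capitalised where the other rows use "partially" and "yes", and "Penetration" is capitalised mid-sentence. The three empty added lines after the row can be dropped.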
Line 133: | Line 137: | ||
^ Questions ^ Response ^ Comments ^ | ^ Questions ^ Response ^ Comments ^ | ||
| Do you inform your customers about vulnerabilities in your products once you had a chance to address them, regardless of whether they were discovered internally, or reported to you? | yes | with a dedicated form and a direct mailing put in place already | | | Do you inform your customers about vulnerabilities in your products once you had a chance to address them, regardless of whether they were discovered internally, or reported to you? | yes | with a dedicated form and a direct mailing put in place already | | ||
+ | |||
+ | ==== Vulnerability Rating==== | ||
+ | Our vulnerabilities are rated based on CVSS standard (https:// | ||
===== Operations Management and Security Controls ===== | ===== Operations Management and Security Controls ===== |
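Review bot: The added heading "==== Vulnerability Rating====" lacks the space before the closing markers, unlike "==== Allocation of information security responsibilities ====" elsewhere on the page. The sentence under it names CVSS without a version; stating which CVSS version is used would let a customer interpret the rating consistently. The new text is also free prose placed directly after a Questions / Response / Comments table, so consider adding it as a row of that table, or at least putting a blank line between it and the "===== Operations Management and Security Controls =====" heading that follows.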
company_application_and_data_security.txt · Last modified: 2021/09/01 15:11 by lucy