Security Policy

Information Security Policy

Definitions

File Transfer Protocol (FTP): This is a standard Internet protocol for transmitting files between computers on the Internet.

Overview

The servers at Teammate App Limited provide a wide variety of services to internal and external users, and many servers also store or process sensitive information for Teammate App Limited. These hardware devices are vulnerable to attacks from outside sources, requiring due diligence by the IT Department to secure the hardware against such attacks.

Purpose

The purpose of this policy is to define standards and restrictions for the base configuration of internal server equipment owned and/or operated by or on Teammate App Limited’s internal network(s) or related technology resources via any means. This can include, but is not limited to, the following:

      • Internet servers (FTP servers, Web servers, Mail servers, Proxy servers, etc.)

      • Application servers

      • Database servers

      • File servers

      • Print servers

      • Third-party appliances that manage network resources

    This policy also covers any server device outsourced, co-located, or hosted at external/third-party service providers if that equipment resides in the Teammate App Limited.org domain or appears to be owned by Teammate App Limited.

    The overriding goal of this policy is to reduce operating risk. Adherence to the Teammate App Limited Server Security Policy will:

        • Eliminate configuration errors and reduce server outages

        • Reduce undocumented server configuration changes that tend to open security vulnerabilities

        • Facilitate compliance and demonstrate that the controls are working

        • Protect Teammate App Limited data, networks, and databases from unauthorized use and/or malicious attack

      Therefore, all server equipment owned and/or operated by Teammate App Limited must be provisioned and operated in a manner that adheres to company-defined processes.

      This policy applies to all Teammate App Limited company-owned, company-operated, or company-controlled server equipment. The addition of new servers within Teammate App Limited facilities will be managed at the sole discretion of IT. Non-sanctioned server installations, or use of unauthorized equipment that manages networked resources on Teammate App Limited property, is strictly forbidden.

      Policy details

      Responsibilities

      Teammate App Limited’s Owner has the overall responsibility for the confidentiality, integrity, and availability of Teammate App Limited data.

      Other IT staff members, under the direction of the Owner, are responsible for following the procedures and policies within IT.

      Supported Technology

      All servers will be centrally managed by Teammate App Limited’s IT Department and will utilize approved server configuration standards. Approved server configuration standards will be established and maintained by Teammate App Limited’s IT Department.

      All established standards and guidelines for the Teammate App Limited IT environment are documented in an IT storage location.

          The following outlines Teammate App Limited’s minimum system requirements for server equipment supporting Teammate App Limited’s systems:

          • Operating System (OS) configuration must be in accordance with approved procedures.

          • Unused services and applications must be disabled, except where approved by the Director of IT or the VP of IT.

          • Access to services must be logged or protected through appropriate access control methods.

          • Security patches must be installed on the system as soon as possible through Teammate App Limited’s configuration management processes.

          • Trust relationships allow users and computers to be authenticated (to have their identity verified) by an authentication authority. Trust relationships should be evaluated for their inherent security risk before implementation.

          • Authorized users must always use the standard security principle of “Least Required Access” to perform a function.

          • System administration and other privileged access must be performed through a secure connection. The root account is a user account that has administrative privileges that allow access to any file or folder on the system. Do not use the root account when a non-privileged account will do.

          • All Teammate App Limited servers are to be in access-controlled environments.

          • All employees are specifically prohibited from operating servers in environments with uncontrolled access (i.e., offices).

        This policy is complementary to any previously implemented policies dealing specifically with security and network access to Teammate App Limited’s network.

        It is the responsibility of any employee of Teammate App Limited who is installing or operating server equipment to protect Teammate App Limited’s technology-based resources (such as Teammate App Limited data, computer systems, networks, databases, etc.) from unauthorized use and/or malicious attack that could result in the loss of member information, damage to critical applications, loss of revenue, and damage to Teammate App Limited’s public image. Procedures will be followed to ensure resources are protected.