This Acceptable Use Policy defines standards for appropriate and secure use of The AET’s hardware and electronic systems including storage media, communication tools and internet access. From time to time, The AET may update this policy and implement different levels of security controls for different information assets, based on risk and other considerations. This policy is guided by security requirements specific to The AET including applicable laws and regulations.
This Access Control and Termination Policy defines requirements for access and removal of access to The AET data, systems, facilities, and networks. From time to time, The AET may update this policy and implement different levels of security controls for different information assets, based on risk and other considerations. This policy is guided by security requirements specific to The AET including applicable laws and regulations.
This Business Continuity and Disaster Recovery Plan guides The AET in the event of a significant business disaster or other disruption to normal service. The AET must respond to business disasters and disruption by safeguarding employees’ lives and company assets, making a financial and operational assessment, securing data, and quickly recovering operations.
This Change Management Policy defines how changes to applications, systems, services, and infrastructure are planned and implemented. The goal of change management is to increase awareness and understanding of proposed changes across The AET and ensure that all changes are made in a thoughtful way that minimize negative impact to services and customers.
This Code of Conduct outlines The AET's expectations measured against the highest possible standards of ethical business conduct. Committing to the highest standards helps The AET hire great people, build great products, and attract loyal customers.
This Configuration and Asset Management Policy provides procedures supporting effective organizational asset management, specifically focused on electronic devices within the organization and baseline configurations for The AET assets and systems.
This Data Classification Policy provides the basis for protecting the confidentiality of data at The AET by establishing a data classification system. From time to time, The AET may update this policy and implement different levels of security controls for different information assets, based on risk and other considerations. This policy is guided by security requirements specific to The AET including applicable laws and regulations.
This Data Retention and Disposal Policy addresses how a customer's data is retained and disposed of and to ensure this is carried out in a consistent manner. From time to time, The AET may update this policy. This policy is guided by security requirements specific to The AET including compliance with applicable laws and regulations.
This Encryption and Key Management Policy provides guidance on the types of devices and media that need to be encrypted, when encryption must be used, the minimum standards of the software used for encryption, and the requirements for generating and managing keys at The AET. Following documented policy will limit mistakes in selecting keys, implementing the encryption/decryption process, and managing keys and other secrets which are common causes of data exposure.
This Information Security Policy addresses the information security policy topics and requirements which maintain the security, confidentiality, integrity, and availability of The AET applications, systems, infrastructure, and data. The topics and requirements called out in this policy should be continuously improved upon to maintain a secure information security posture. From time to time, The AET may update this policy and implement different levels of security controls for different information assets, based on risk and other considerations. This policy is guided by security requirements specific to The AET including compliance with applicable laws and regulations.
This Internal Control Policy guides The AET regarding the maintenance of an internal control system in order to safeguard the The AET's assets against loss, promote operational efficiency, and encourage adherence to prescribed managerial policies.
The purpose of this document is to define basic rules and requirements for network security and ensure the protection of information within and across networks and supporting information processing facilities.
The performance evaluation process provides a means for discussing, planning and reviewing the performance of each team member. This provides both the employee and the department manager with the opportunity to discuss job tasks, identify and correct weaknesses, encourage and recognize strengths, and discuss methods for improving performance.
The Physical Security Policy specifies the requirements for physically protecting assets and their data via physical controls and safeguards. Physical security is the first line of defense in information security, and without physical protections, virtual protections offer minimal security for assets and data. The AET maintains reasonable steps to ensure that its facilities, information systems, and data are accessed only by authorized personnel or authorized third party visitors to prevent unauthorized access, damage, theft, and interference. All physical security requirements are applicable to both remote and in-office work. Key aspects of physical security include: perimeter and border security, entry controls, visitor management, restricted areas, equipment protection and maintenance, awareness and training, and risk management.
This Risk Assessment Policy guides The AET in performing risk assessments to account for threats, vulnerabilities, likelihood, and impact to The AET assets, team members, customers, vendors, suppliers, and partners based upon the The AET services considering security, availability, integrity, and confidentiality needs.
The purpose of this document is to define basic rules for secure development of software and systems.
The Security Incident Response Plan provides a systematic incident response process for all Information Security Incident(s) (defined below) that affect any of The AET's information technology systems, network, or data, including The AET data held or services provided by third-party vendors or other service providers. From time to time, The AET may update this policy and implement different levels of security controls for different information assets, based on risk and other considerations.
This Vendor Management Policy guides The AET in the execution, management, and termination of vendor and other third party agreements. From time to time, The AET may update this policy and implement different levels of security controls for different information assets, based on risk and other considerations. This policy is guided by security requirements specific to The AET including applicable laws and regulations.
This Vulnerability Management Policy defines an approach for vulnerability management to reduce system risks and integrate with patch management. From time to time, The AET may update this policy and implement different levels of security controls for different information assets, based on risk and other considerations. This policy is guided by security requirements specific to The AET including applicable laws and regulations.