Table of Contents

  1. Hiring policies and practices and employment application – https://leadx.org/hiring-policy/
  2. User account administration policy and procedures for all supported platforms where scoped systems and data are processed including network access – https://leadx.org/server-security-policy/
  3. Documentation detailing the execution of user entitlement reviews / Application security policy – https://leadx.org/web-security-policy/
  4. Incident report policy and procedures including all contract information – https://leadx.org/data-security-policy/
  5. Visitor Policy and procedures – https://leadx.org/visitor-policy/
  6. Log review policies and procedures – https://leadx.org/audit-and-logging-policy/
  7. Risk management program policies and procedures – https://leadx.org/risk-policy/
  8. System backup Policy and procedures – https://leadx.org/backup-policy/
  9. Change control Policy/procedures – https://leadx.org/change-management-policy/
  10. Problem management Policy/procedures – https://leadx.org/problem-management-policy/
  11. Privacy Policy – https://leadx.org/privacy-policy/
  12. Asset Management Policy – https://leadx.org/asset-management-policy/
  13. Information Classification and Handling Policy – https://leadx.org/information-policy/
  14. Vulnerability Management Policy – https://leadx.org/vulnerability-management-policy/
  15. Anti-Malware Policy – https://leadx.org/anti-malware-policy/
  16. Server Hardening Checklist – https://leadx.org/server-hardening-checklist/
  17. Security Awareness Policy – https://leadx.org/security-awareness-policy/
  18. Employee Termination or Change of Role Policy – https://leadx.org/employee-termination-policy/
  19. Physical Security Policy – https://leadx.org/physical-security-policy/
  20. Network Security or Firewall Policy – https://leadx.org/network-security-policy/
  21. Password Management Policy – https://leadx.org/password-management-policy/
  22. Remote Access Policy – https://leadx.org/remote-access-policy/
  23. SDLC Policy – https://leadx.org/sdlc-policy/
  24. Incident Management Policy – https://leadx.org/incident-management-policy/
  25. Business Continuity Plan including BCP Test – https://leadx.org/business-continuity-plan/

Executive Summary of certificates held

Certifications from our Digital Ocean hosting providers:

  • SOC 2 Type II

Certifications from our Amazon hosting providers:

  • ISO 9001
  • ISO 27001
  • ISO 27017
  • ISO 27018
  • PCI DSS Level 1
  • SOC1
  • SOC2
  • SOC3

Physical Security policy and procedures

Our data centers are co-located in some of the most respected data center facility providers in the world. We leverage all of the capabilities of these providers including physical security and environmental controls to secure our infrastructure from physical threat or impact. Each site is staffed 24/7/365 with on-site physical security to protect against unauthorized entry. Security controls provided by our data center facilities includes but is not limited to:

  • 24/7 Physical security guard services
  • Physical entry restrictions to the property and the facility
  • Physical entry restrictions to our co-located data center within the facility
  • Full CCTV coverage externally and internally for the facility
  • Biometric readers with two-factor authentication
  • Facilities are unmarked as to not draw attention from the outside
  • Battery and generator backup
  • Generator fuel carrier redundancy
  • Secure loading zones for delivery of equipment

Topics covered in the security training program

  1. Employee Procedures and Responsibilities
  2. Server Security
  3. Web Security
  4. Network Security
  5. Data Security
  6. Visitor/Guest Policies
  7. Auditing Logs
  8. Proper Adoption/Usage of Third Party Software Policies