New Hire Policy Acknowledgement
All new hires review and acknowledge company policies during onboarding.
Periodic Policy Acknowledgement
Policies are re-acknowledged on a recurring basis to ensure awareness.
Incident Reporting
Customers and employees can report incidents or failures through documented channels.
Risk Framing & Assessment
We perform annual risk assessments, assigning scores for likelihood and impact, and mapping risks to mitigating factors.
Third-Party Vendor Reviews
Vendors are reviewed periodically for security posture and criticality.
Cybersecurity & Privacy Oversight
Senior management designates ownership of information security, assigning accountability across the organization.
Internal Audit
We track the health of our security program internally and report to leadership for review.
Periodic Program Review
Policies, standards, and procedures are reviewed regularly or when significant changes occur.
Sub-service Organization Evaluation
Google Cloud and other sub-service providers are reviewed for compliance and certifications.
Data Protection Impact Assessments
We periodically perform DPIAs to identify risks related to personal data processing.
Retention of Policies
All policy documents are retained for at least six years.
Incident Handling
We maintain a 24/7 on-call incident response process, supported by PagerDuty.
Asset Ownership & Inventory
We assign ownership of assets and maintain inventories for accountability.
Employee Training
All staff receive security and privacy training at hire and regularly thereafter.
Incident Response Process
We follow documented processes for identification, response, monitoring, and post-incident review.