...
Tekai adheres to the principle of least privilege, specifying that team members will be given access to only the information and r esources necessary to perform their job functions as determined by management or a designee. Requests for escalation of privileges or changes to privileges and access permissions are documented and require approval by an authorized manager. System access is revoked immediately upon termination or resignation.
...
Unique accounts and passwords are required for all users. Passwords must be kept confidential and not shared with anyone. Where possible, all user and system accounts must invoke password complexity requirements specified in the Access Control and Termination Policy. All accounts must use unique passwords not shared with any other accounts.
...
Asset Security
Tekai maintains a Configuration and Asset Management Policy Code of conduct designed to track and set configuration standards to protect Tekai devices, networks, systems, and data. In compliance with such policy, Tekai may provide team members laptops or other devices to perform their job duties effectively.
...
Tekai defines the handling and classification of data in the Data Classification Policy Cryptography policy.
Data Retention and Disposal Policy
...
To protect against unauthorized changes and the introduction of malicious code, Tekai maintains a Change Management Policy Business continuity and disaster recovery plan with change management procedures that address the types of changes, required documentation, required review and/or approvals, and emergency changes. Changes to Tekai production infrastructure, systems, and applications must be documented, tested, and approved before deployment.
...