Operations Security Policy
Policy Owner: LucasJarvis
Effective Date: 25.01.03.2025
Purpose
To ensure the correct and secure operation of information processing systems and facilities.
...
Vulnerabilities assessed by Tekai shall be patched or remediated in the following timeframes:
Determined Severity | Remediation Time |
Critical | 30 Days |
High | 30 Days |
Medium | 60 Day |
Low | 90 Days |
Informational | As needed |
Service tickets for any vulnerability which cannot be remediated within the standard timeline must show a risk treatment plan and planned remediation timeline.
...
Requests for an exception to this policy must be submitted to the Principal Engineer Technical Lead for approval.
Violations & Enforcement
Any known violations of this policy should be reported to the IT ManagerCIO/CTO. Violations of this policy can result in immediate withdrawal or suspension of system and network privileges and/or disciplinary action in accordance with company procedures up to and including termination of employment.
Version | Date | Description | Author | Approved by |
1.0 | 01.03.2025 | First Version | Luca |
APPENDIX A - Configuration and Hardening Standards
...
The following is a list of additional security measures for necessary but insecure services, protocols, or processes. These additions are explained, justified, and tested to make sure they don't create more risks or vulnerabilities.
System that requires additional security measures | Security measure | Justification / Testing strategy |
No additional security measures are required. |