Security for Everyone
Security Policy
As a requirement for employment, every employee must review and acknowledge the CivicActions Security Policy that includes:
Security Awareness
Every employee and contractor at CivicActions practices safe and secure computing in the course of their work. We enhance our Security Awareness with Tools by:
- Securing our Laptops
- Using Password Management Tools
- Using Multi-Factor Authentication
- Increasing our awareness of Phishing and Social Engineering
- Keeping our Personal Systems up-to-date
- Employing Disk Encryption and Secure Storage Management
When moving through these steps, please update your entries in the Security Checklist -- if you need help, the Security Team has daily "Security Hours" scheduled in the calendar, or just ask in #general
.
Security and Compliance
Engineers and Project Managers and anyone directly involved in client site operations and management must additionally understand and abide by CivicActions standard Security and Compliance procedures.
Privacy and Security Trainings
CivicActions Employees and Contractors regularly refresh their understanding of privacy regulations and security controls with the latest available information, including:
- Course: Identifying and Safeguarding Personally Identifiable Information (PII)
- Review: CivicActions Employee/Contractor SecurityPolicy
- Internal: Yearly trainings/quizzes scheduled by the CivicActions Security Team
Incident Response
All employees and contractors have reviewed the CivicActions Incident Response procedures and understand what actions to take should they discover something that could be an incident. See What is an Incident? for additional help.
(The project specific Incident Response Teams require additional trainings not covered here.)