SECURITY WHITEPAPER
SECURITY WHITEPAPER
Organisational and Corporate Security
BACKGROUND CHECKS AND ONBOARDING
Y Soft employees undergo a background check prior to formal employment offers . Employment , education , and criminal checks are performed for potential employees . Reference verification is performed at the hiring manager ' s discretion .
Upon hire , all employees must read , and acknowledge Y Soft ' s Information Security Policy and IT Acceptable Use Policy which help define employee ' s security responsibilities in protecting company assets / data ( including , but not limited to protecting mobile devices , and securing corporate equipment ).
POLICY MANAGEMENT
To help keep all our employees on the same page regarding protecting data , Y Soft documents and maintains several written policies and procedures . Y Soft maintains a core Written Information Security Policy - the policy covers data handling requirements , privacy considerations , and responses to violations , among many other topics .
Policies are reviewed and approved at least annually and stored in the company wiki . Policies requiring acknowledgment by employees are incorporated into mandatory annual training .
SECURITY AWARENESS TRAINING
We consider employees to be our first line of defense and we ensure Y Soft employees are well trained for their roles . Security awareness training that covers general security best practices is offered to all new Y Soft employees upon hire , and on an annual basis . In addition to awareness training , Y Soft keeps employees aware of recent security news or initiatives with internal knowledge articles .
After initial training , more specialized content is available based on an employee ' s role or resulting access . For example , Y Soft has a Security Champions program , where developers on the product teams have opportunities for additional training on security development , common risk , threats , and issues .
RISK MANAGEMENT
Within Y Soft a Risk Register has been created which identifies hazards encountered during the company ’ s operations . Managers are encouraged to populate this register with hazards that have not previously been identified within their respective project area . This register is held on Y Soft Confluence . This document forms part of overall Y Soft ’ s Information Security Management Systems Framework .
Risk mitigation and remediation activities are tracked via a ticketing system and reviewed at a designated cadence .
YSoft SAFEQ Cloud - 25 - YSOFT . COM