<html>
<head>
<title>Security Policy</title>
<style>
body {
font-family: 'Times New Roman', serif;
line-height: 1.6;
max-width: 800px;
margin: 0 auto;
padding: 20px;
color: #333;
}
h1, h2, h3 {
color: #2c3e50;
margin-top: 30px;
}
h1 { font-size: 2em; border-bottom: 2px solid #3498db; padding-bottom: 10px; }
h2 { font-size: 1.5em; border-bottom: 1px solid #bdc3c7; padding-bottom: 5px; }
ul { margin-left: 20px; }
li { margin-bottom: 8px; }
strong { color: #2c3e50; }
</style>
</head>
<body>
<h1>Security Policy</h1>
<p><em>Last Updated: November 13, 2025</em></p>
<h2>1. Introduction</h2>
<h3>1.1 Purpose</h3>
<p>This policy establishes the framework for securing our cloud storage platform and ensures all personnel understand their security responsibilities.</p>
<h3>1.2 Scope</h3>
<p>Applies to all employees, contractors, systems, and data managed by MyWebdav Technologies.</p>
<h2>2. Governance and Management</h2>
<h3>2.1 Information Security Management System (ISMS)</h3>
<p>We maintain an ISO/IEC 27001-certified ISMS with regular risk assessments, audits, and continuous improvement.</p>
<h3>2.2 Roles and Responsibilities</h3>
<ul>
<li><strong>CISO:</strong> Oversees security program</li>
<li><strong>Security Team:</strong> Implements controls and responds to incidents</li>
<li><strong>Employees:</strong> Follow policies and report incidents</li>
<li><strong>Management:</strong> Provides resources and enforces compliance</li>
</ul>
<h2>3. Access Control</h2>
<h3>3.1 Access Management</h3>
<p>Access follows the principle of least privilege with multi-factor authentication required for administrative access.</p>
<h3>3.2 User Authentication</h3>
<p>Strong passwords, regular rotation, and account lockout policies are enforced.</p>
<h3>3.3 Remote Access</h3>
<p>Secured via VPN with full logging and monitoring.</p>
<h2>4. Data Protection and Encryption</h2>
<h3>4.1 Data Classification</h3>
<p>Data classified as Public, Internal, Confidential, or Highly Sensitive with appropriate controls.</p>
<h3>4.2 Encryption Standards</h3>
<ul>
<li>TLS 1.3 for data in transit</li>
<li>AES-256 for data at rest</li>
<li>Secure key management and rotation</li>
</ul>
<h3>4.3 Data Retention and Disposal</h3>
<p>Data retained only as necessary with secure deletion methods.</p>
<h2>5. Network Security</h2>
<h3>5.1 Network Segmentation</h3>
<p>Isolated networks with firewalls, IDS, and regular monitoring.</p>
<h3>5.2 Secure Configuration</h3>
<p>Hardened systems following CIS Benchmarks.</p>
<h2>6. Physical Security</h2>
<h3>6.1 Facility Access</h3>
<p>Controlled access to data centers with biometric authentication.</p>
<h3>6.2 Equipment Security</h3>
<p>Secure storage in climate-controlled environments.</p>
<h2>7. Incident Response</h2>
<h3>7.1 Incident Response Plan</h3>
<p>Comprehensive plan for identification, containment, eradication, recovery, and notification.</p>
<h3>7.2 Breach Notification</h3>
<p>Incidents reported within 72 hours (GDPR) or 24 hours (NIS2) as applicable.</p>
<h2>8. Secure Development</h2>
<h3>8.1 Secure Coding Practices</h3>
<p>Code reviews, static/dynamic analysis, and vulnerability management.</p>
<h3>8.2 Change Management</h3>
<p>Formal approval processes for production changes.</p>
<h2>9. Third-Party Risk Management</h2>
<h3>9.1 Vendor Assessment</h3>
<p>Security assessments and contractual requirements for all vendors.</p>
<h2>10. Compliance and Auditing</h2>
<h3>10.1 Regulatory Compliance</h3>
<p>Compliance with GDPR, NIS2, and ISO/IEC 27001.</p>
<h3>10.2 Audits and Assessments</h3>
<p>Annual audits, quarterly penetration testing, and continuous monitoring.</p>
<h3>10.3 Training</h3>
<p>Mandatory annual security training for all personnel.</p>
<h2>11. Enforcement</h2>
<p>Compliance is mandatory. Violations may result in disciplinary action up to termination.</p>
<hr>
<h3>Contact Information</h3>
<p>If you have any questions about this security policy, please contact us:</p>
<ul>
<li><strong>Email:</strong> <a href="mailto:legal@mywebdav.eu">legal@mywebdav.eu</a></li>
<li><strong>Website:</strong> <a href="https://mywebdav.eu">https://mywebdav.eu</a></li>
<li><strong>Address:</strong> MyWebdav Technologies, European Union</li>
</ul>
<p>MyWebdav Technologies</p>
</body>
</html>