# Security Policy
**Last Updated:** November 13, 2025
MyWebdav Technologies is committed to protecting the confidentiality, integrity, and availability of information assets. This Security Policy outlines our organizational and technical measures to safeguard data in compliance with NIS2 Directive, GDPR, and ISO/IEC 27001 standards.
## 1. Introduction
### 1.1 Purpose
This policy establishes the framework for securing our cloud storage platform and ensures all personnel understand their security responsibilities.
### 1.2 Scope
Applies to all employees, contractors, systems, and data managed by MyWebdav Technologies.
## 2. Governance and Management
### 2.1 Information Security Management System (ISMS)
We maintain an ISO/IEC 27001-certified ISMS with regular risk assessments, audits, and continuous improvement.
### 2.2 Roles and Responsibilities
- **CISO:** Oversees security program
- **Security Team:** Implements controls and responds to incidents
- **Employees:** Follow policies and report incidents
- **Management:** Provides resources and enforces compliance
## 3. Access Control
### 3.1 Access Management
Access follows the principle of least privilege with multi-factor authentication required for administrative access.
### 3.2 User Authentication
Strong passwords, regular rotation, and account lockout policies are enforced.
### 3.3 Remote Access
Secured via VPN with full logging and monitoring.
## 4. Data Protection and Encryption
### 4.1 Data Classification
Data classified as Public, Internal, Confidential, or Highly Sensitive with appropriate controls.
### 4.2 Encryption Standards
- TLS 1.3 for data in transit
- AES-256 for data at rest
- Secure key management and rotation
### 4.3 Data Retention and Disposal
Data retained only as necessary with secure deletion methods.
## 5. Network Security
### 5.1 Network Segmentation
Isolated networks with firewalls, IDS, and regular monitoring.
### 5.2 Secure Configuration
Hardened systems following CIS Benchmarks.
## 6. Physical Security
### 6.1 Facility Access
Controlled access to data centers with biometric authentication.
### 6.2 Equipment Security
Secure storage in climate-controlled environments.
## 7. Incident Response
### 7.1 Incident Response Plan
Comprehensive plan for identification, containment, eradication, recovery, and notification.
### 7.2 Breach Notification
Incidents reported within 72 hours (GDPR) or 24 hours (NIS2) as applicable.
## 8. Secure Development
### 8.1 Secure Coding Practices
Code reviews, static/dynamic analysis, and vulnerability management.
### 8.2 Change Management
Formal approval processes for production changes.
## 9. Third-Party Risk Management
### 9.1 Vendor Assessment
Security assessments and contractual requirements for all vendors.
## 10. Compliance and Auditing
### 10.1 Regulatory Compliance
Compliance with GDPR, NIS2, and ISO/IEC 27001.
### 10.2 Audits and Assessments
Annual audits, quarterly penetration testing, and continuous monitoring.
### 10.3 Training
Mandatory annual security training for all personnel.
## 11. Enforcement
Compliance is mandatory. Violations may result in disciplinary action up to termination.
## Contact Information
If you have any questions about this security policy, please contact us:
- **Email:** [legal@mywebdav.eu](mailto:legal@mywebdav.eu)
- **Website:** https://mywebdav.eu
- **Address:** MyWebdav Technologies, European Union
MyWebdav Technologies
Reference in New Issue View Git Blame Copy Permalink