Security compliance documentation

[ferrisoxide]

Describe the task

Prepare a document detailing the security context of the application, including security compliance provided by third party vendors (e.g. hosting vendors) as well as our own internal security protocols and practices.

The target audience for this are client's IT departments. The aim is to address any security concerns IT departments may have, as well as establish lines of communication for handling any potential future security issues.

Success Criteria

• MUST cover compliance provided by all third-party vendors (hosting, monitoring, email, etc)
• MUST detail security practices undertaken within Eventide
• MUST refer to any security standards that are either met or form the basis of security protocols
• MUST detail the process for reporting security issue to Eventide
• MUST detail the process for Eventide to communicate any security issues to clients.

Additional Notes

We've prepared similar documents in the past. Try to find these first and see if we have already covered some of this.