Security policies

Dock Labs strives to follow best practices for information management and system security.

Specific practices include:

• Strategic Alignment: Aligning security objectives with the overall business strategy to support organizational goals.

• Leadership Oversight: Managed by a dedicated security manager and subject to regular policy reviews.

• People Security: Includes confidentiality agreements and mandatory security training. All new hires receive security training as part of on boarding and all team member continue to receive annual security training. This training encompasses key areas such as avoiding phishing attacks and other security best practices, ensuring continuous skill enhancement in security roles.

• Physical and Remote Work Protocols: Focuses on secure remote work practices, including device security and data protection.

• Access Control: Enforces the least privilege principle and conducts regular access audits. Our access management policies detail risks associated with system and data access, specifying procedures for granting, monitoring, and revoking access.

• Robust Password and Data Policies: Ensures strong password use and responsible data management.

• Change Management: Follows documented procedures for system changes and development.

• Disaster Recovery: Implements effective backup strategies for business continuity.

• Incident Response and Preparedness: Developing and maintaining robust incident response plans.

• Vendor Management: Utilizes proactive monitoring and collaborates with security-conscious vendors.

• Continuous Policy Enforcement and Updates: Enforces strict adherence to security policies, with annual reviews for relevancy.

• Risk Management: Identifying, assessing, and mitigating risks to maintain the integrity, confidentiality, and availability of information.

• Compliance and Legal Requirements: Ensuring adherence to relevant laws, regulations, and industry standards.

• Documentation Storage: All risk-related documentation, including NDAs, confidentiality agreements, and access management policies, are securely stored in designated, secure repositories, accessible only to authorized personnel. We maintain an audit trail for any changes to these documents.

• Documented Evidence: Our strategy and security objectives are formally documented in our strategic planning documents and Information Security Policy. These documents detail the specific goals, responsibilities, and procedures that govern our approach to security and overall business strategy. They are reviewed and approved by the management team and are subject to regular updates to reflect evolving business needs and security landscapes.

• Continuous Improvement: Regularly reviewing and updating security policies and procedures to address emerging threats and changes in the business environment.

We additionally follow specific architectural and coding practices such as:

• Minimize the storage of Personally Identifiable Information (PII)

• Encrypt data in transit and at rest

• Production logs do not contain user data

• System anomalies are automatically reported to employees so they can be triaged in a timely manner

• All changes must be reviewed by a team member before deployment