Zenhub’s Jira Apps
Security Policy
Last Updated: August 6, 2024.
1. Introduction
At Zenhub, we prioritize the security of our systems and the data entrusted to us by our users. This Security Policy outlines the measures we take to protect our infrastructure, applications, and user data from threats.
2. Scope
This policy applies to all employees, contractors, and third parties who have access to Zenhub's systems and data. It covers all data, applications, infrastructure, and network resources owned or managed by Zenhub.
3. Security Governance
3.1 Information Security Team
Zenhub has an Information Security Team responsible for implementing and maintaining the security program. This team oversees compliance with this policy and regularly reviews and updates security measures.
3.2 Security Awareness
All employees and contractors must complete security awareness training during onboarding and annually thereafter. This training includes best practices for data protection, recognizing phishing attempts, and reporting security incidents.
4. Data Protection
Your use of the Apps is also governed by our Privacy Policy, which explains how we collect, use, and protect your information.
4.1 Data Classification
Zenhub classifies data into the following categories:
Public
Internal
Confidential
Highly Confidential
Data is handled according to its classification, with higher levels of protection for more sensitive data.
4.2 Data Encryption
Data at Rest: All sensitive data is encrypted at rest using industry-standard encryption algorithms.
Data in Transit: Data transmitted over networks is encrypted using TLS (Transport Layer Security) to ensure its confidentiality and integrity.
5. Access Control
5.1 User Access Management
- Access to systems and data is granted based on the principle of least privilege.
- All user access requests must be approved by the appropriate manager and the Information Security Team.
- User accounts are reviewed regularly to ensure appropriate access levels.
5.2 Authentication
Multi-Factor Authentication (MFA) is required for access to all critical systems.
Password policies require the use of strong, unique passwords that are changed regularly.
6. Network Security
6.1 Firewalls and Network Segmentation
Firewalls are used to protect the network perimeter and segment internal networks.
Network segmentation is implemented to limit access to sensitive systems and data.
6.2 Intrusion Detection and Prevention
Intrusion Detection Systems (IDS) and Intrusion Prevention Systems (IPS) are deployed to monitor and protect against suspicious activities.
7. Application Security
7.1 Secure Development Practices
Secure coding practices are enforced, and regular code reviews are conducted.
Automated tools are used to scan code for vulnerabilities.
7.2 Vulnerability Management
Regular vulnerability assessments and penetration tests are conducted.
Identified vulnerabilities are promptly addressed based on their severity.
8. Incident Response
8.1 Incident Management
A formal incident response plan is in place to address security incidents.
All employees are trained to recognize and report potential security incidents.
8.2 Incident Reporting
Security incidents must be reported immediately to the Information Security Team.
Incident reports are documented and reviewed to prevent future occurrences.
9. Compliance and Audits
9.1 Regulatory Compliance
Zenhub complies with applicable data protection regulations and industry standards.
Regular audits are conducted to ensure compliance with this policy and regulatory requirements.
9.2 Third-Party Security
Security assessments are conducted for all third-party vendors and service providers.
Contracts with third parties include security requirements and compliance obligations.
10. Policy Review
This Security Policy is reviewed annually and updated as necessary to reflect changes in our security posture, industry best practices, and regulatory requirements.
11. Contact Information
For any questions or concerns regarding this Security Policy, please contact the Information Security Team at dpo@zenhub.com.