Security Policy

Overview

Unsecured and vulnerable servers/cloud infrastructures continue to be a major entry point for malicious threat actors. Consistent Server/Cloud installation policies, ownership, and configuration management are all about doing the basics well. This is just a summary of our "Operations Security Policy", "Physical Security Policy", "Information Security Policy", and "Human Resource Security Policy", which are available upon request through our trust center.

Purpose

The purpose of this policy is to establish standards for the base configuration of all servers, desktops, laptops, and cloud infrastructure that are owned and operated by The Starware Yazılım Ltd. Effective implementation of this policy will minimize unauthorized access to The Starware Yazılım Ltd.'s proprietary information and technology.

Scope

All employees at The Starware Yazılım Ltd. must adhere to this policy.

Policy

Cloud Infrastructure

All cloud infrastructures are subject to our organization security policy, which is available upon request through our trust center.

  • Atlassian Forge Apps (Cloud): These apps rely entirely on Atlassian's runtime for storage and computation. Only selected people have permission to deploy to production, and no one has access to production data. Only selected people have permission to access production logs, and only if the customer has enabled log access. Refer to the shared responsibility model reference documentation for details.
  • ACE Apps (Cloud): All production deployment should be done on Amazon Web Services (AWS) using the account designated for this purpose. This account is protected by multifactor authentication (MFA) and is only accessible by the designated AWS administrator. No other cloud infrastructure or self-hosted servers are allowed.
  • DC Apps: These apps run on the customer's own infrastructure and use Jira's own database and server for storage and compute. No data, logs, or analytics are shared with us or any other third party.

End Devices

All end devices such as laptops are subject to our organization security policy, which is available upon request through our trust center. All personal laptops used for work must be encrypted, have a password set, and be logged in using a Google Workspace account. Miradore and Vanta MDMs should always be running. Devices should not be used for any purpose other than work. The laptop should be kept up to date with the latest security updates. No customer data should be stored on laptops. Every employee should sign a personal laptop usage agreement, which further explains the proper usage of personal laptops.

Change Management

Changes to the organization, business processes, information processing facilities, production software and infrastructure, and systems that affect information security in the production environment and financial systems shall be tested, reviewed, and approved prior to production deployment. All significant changes to in-scope systems and networks must be documented. You can request our "Operations Security Policy" through our trust center.

Copyright © The Starware