security-policies/README.md

22 lines
963 B
Markdown

# nexus/security-policies
Information security policies and procedures for Nexus Corp.
> Internal use only. Do not distribute outside the organisation.
## Document index
| Document | Owner | Version | Last reviewed |
|----------|-------|---------|---------------|
| [Password Policy](policies/password-policy.md) | InfoSec | 2.1 | 2025-10 |
| [Access Control Policy](policies/access-control.md) | IT Security | 1.4 | 2025-10 |
| [Incident Response](procedures/incident-response.md) | SOC | 1.2 | 2025-11 |
| [Vulnerability Management](procedures/vulnerability-management.md) | AppSec | 1.1 | 2025-12 |
| [Data Classification](standards/data-classification.md) | Compliance | 1.0 | 2026-01 |
| [Acceptable Use](policies/acceptable-use.md) | HR/Legal | 3.0 | 2025-10 |
| [Remote Work](policies/remote-work.md) | HR | 2.2 | 2026-01 |
## Review schedule
Policies are reviewed annually or after significant incidents.
All reviews require sign-off from the CISO.