Information Security Policy
LeadIQ takes information security seriously. Please see our documentation below and reach out to email@example.com with any questions.
The LeadIQ Security team comprises the following LeadIQ staff:
Camilo Rivera - Lead DevSecOps Engineer, Thilo Planz - Engineer Team Lead, Paul Daniels - Engineer Team Lead, Linh Nguyen - Engineer Team Lead, Andrea Stella - Engineer Team Lead
The team is responsible for carrying out all security policies and procedures. The team has a direct line to the CEO and can communicate with the CEO whenever they need to.
Security Officer Role
Camilo Rivera is the Security Officer. With that title, Camilo Rivera is responsible for creating and enforcing security policies and procedures; leading the monitoring, vulnerability management, and incident detection and response initiatives; and tracking and reducing risk organization-wide.
People Operations Security
All LeadIQ employees undergo background checks prior to gaining substantial access to customer data systems. LeadIQ may rescind an employee’s offer letter if their background check is found to be falsified, erroneous, or misleading.
Security Awareness Training
LeadIQ employees and contractors are provided training on the company’s security policies and procedures during their first 30 days of employment and annually thereafter. All LeadIQ personnel are then required to acknowledge, electronically, that they have attended the training and understand the security policy.
Security Coding Training
LeadIQ employees and contractors in developer roles are provided with SDLC / Secure Coding training during their first 30 days of employment and annually thereafter. Software developers are trained in secure coding techniques, including how to avoid common coding vulnerabilities. All such personnel are then required to acknowledge, electronically, that they have attended and understand SDLC training and OWASP Top Ten common coding vulnerabilities.
Acceptable Use Policy
LeadIQ’s Acceptable Use Policy covers employee responsibilities and behavior for using LeadIQ systems, including devices, email, internal tools, and social media. LeadIQ employees must acknowledge in writing that they’ve read and will abide by the Acceptable Use Policy.
All of LeadIQ’s security policies, including the Acceptable Use Policy, are presented to new employees during onboarding, and all employees are required to sign off that they have read all such policies.
LeadIQ employees who work remotely must follow these rules:
- All company-provided equipment and any equipment used to perform work must remain in the presence of the LeadIQ employee or be securely stored.
- VPN must be used for all connections with production infrastructure.
- All of LeadIQ’s data encryption, protection standards and settings must be followed for company-provided equipment and any equipment used to perform work.
- The confidentiality, security and privacy of LeadIQ’s customers must be preserved by ensuring that no unauthorized individuals may view, overhear, or otherwise have access to LeadIQ’s customer data.
- To enforce this, all LeadIQ employees are required to use screen protectors or be conscious of “shoulder surfing” when working in public places like a coffee shop or airport.
- LeadIQ employees are further required not to teleconference with customers in public areas.
- All remote work must be performed in a manner consistent with LeadIQ’s security policies.
Employees who violate any Information Security policies may face disciplinary consequences in proportion to their violation. LeadIQ management will determine how serious an employee’s offense is and take the appropriate action:
- For minor violations, employees may only receive verbal reprimands.
- For more serious violations, employees may face severe disciplinary actions up to and including termination.
The Security team is responsible for ensuring all Information Security policies are followed.
Last updated: 3/30/2020