Add Cloud Computing Policy to the Handbook (#33587)

Add Cloud Computing Policy to the Handbook. Customers have required this
to be in our Policy.
Verified that the policy is rendered correctly and consistent with the
style in the handbook.
No Issue created as this is just a documentation change to the policy.

---------

Signed-off-by: Ram  Marti <ram@fleetdm.com>
Co-authored-by: Ram  Marti <ram@fleetdm.com>
Co-authored-by: Luke Heath <luke@fleetdm.com>
Co-authored-by: Sam Pfluger <108141731+Sampfluger88@users.noreply.github.com>
srm60 2025-10-02 12:44:50 -07:00 committed by GitHub
parent d958046651
commit 71acff4644
No known key found for this signature in database
GPG key ID: B5690EEEBB952194

@ -898,6 +898,32 @@ Effective security is a team effort. This involves the participation and support
All Fleet employees and long-term collaborators are expected to read and electronically sign the *acceptable use of end-user computing* policy. They should also be aware of the others and consult them as needed. This is to make sure systems built and used are done in a compliant manner.
### Acceptable use of cloud computing policy
| Policy owner | Effective date |
| -------------- | -------------- |
| @lukeheath | 2025-10-01 |
This policy applies to all users of the company's cloud computing resources, including employees, contractors, vendors, and partners with access to the cloud services.
- All cloud environments owned and operated by the company, including "Infrastructure-as-a-Service" (IaaS), "Platform-as-a-Service" (PaaS), and "Software-as-a-Service" (SaaS) deployed or managed by the company are governed by this policy.
- Fleet's cloud resources must only be used for legitimate business purposes approved by the company.
- Users must access company-owned cloud systems only with company-managed accounts and approved identity methods.
- Company data must only be stored in the companys cloud environments that have been security-reviewed and approved by the Information Security team.
- Personal use of company-provisioned cloud services is prohibited.
- Unauthorized sharing, downloading, or uploading of the company intellectual property to non-company cloud accounts is strictly forbidden.
#### Prohibited Activities
Users must not use the company's cloud resources to:
- Attempt to disable, bypass, or interfere with cloud security controls.
- Deploy workloads that violate the company policies or applicable laws (e.g., cryptocurrency mining, illegal content).
- Conduct personal business, personal profit activities, or malicious activity.
- Introduce unapproved third-party integrations, extensions, or APIs.
- Store, process, or transmit unencrypted PII, PHI, PCI, or sensitive company data outside approved company cloud environments.
### Acceptable use of end-user computing
> _Created from [JupiterOne/security-policy-templates](https://github.com/JupiterOne/security-policy-templates). [CC BY-SA 4 license](https://creativecommons.org/licenses/by-sa/4.0/)_
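
Review bot: In the last bullet under "Prohibited Activities", the qualifier "outside approved company cloud environments" makes the rule ambiguous: as written it prohibits only unencrypted PII, PHI, PCI, or sensitive company data outside approved environments, which leaves unencrypted storage inside them and encrypted storage outside them unaddressed. Suggest splitting it into two rules, one requiring encryption for this data and one restricting it to approved environments, so it lines up with the earlier bullet that limits company data to security-reviewed environments. "Approved identity methods" and "unapproved third-party integrations, extensions, or APIs" do not say who approves or where the approved list is kept; naming the owner, as the storage bullet does with the Information Security team, would make them enforceable. Smaller points: "companys" in the storage bullet should be "company's", "the company intellectual property" and "the company policies" want the possessive, "#### Prohibited Activities" uses title case while the neighbouring headings use sentence case, and the first list item after the scope paragraph is a scope statement rather than a rule, so it would read better folded into that paragraph.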