Information Security Policy
Owner: Alpine Shark LLC · Review cadence: semiannual and annual · Effective: [DATE AFTER LEGAL REVIEW]
1. Purpose and scope
[PLACEHOLDER. Paste Section 1 from sec-information-security-policy-external-release.md.]
2. The data QuotaGuard handles
[PLACEHOLDER. Paste Section 2: governing principle, two data categories, Static inbound exception, customer-controlled metadata. This is the heart of the policy.]
3. Roles and responsibilities
[PLACEHOLDER. Paste Section 3.]
4. Access control
[PLACEHOLDER. Paste Section 4: production access bullets + dashboard access bullets. Reminder: the release copy intentionally states no password minimum; do not add one.]
5. Encryption
[PLACEHOLDER. Paste Section 5: in transit, at rest, customer keys.]
6. Acceptable use
[PLACEHOLDER. Paste Section 6.]
7. Change management and software development
[PLACEHOLDER. Paste Section 7.]
8. Vulnerability management, incident response, and business continuity
[PLACEHOLDER. Paste Section 8. The named documents are the NDA-gated set; point readers to the NDA request on /security rather than linking pages that do not exist.]
9. Subprocessors and third parties
[PLACEHOLDER. Paste Section 9, and link the words 'subprocessor list' to /security/subprocessors.]
10. Policy governance
[PLACEHOLDER. Paste Section 10, including the security@quotaguard.com contact sentence.]