- handbook
- Company
- Company
- Board
- Communications
- Decision making
- Guides
- KPIs and OKRs
- principles
- Remote Work
- Security
- Asset Management Policy
- Business Continuity & Disaster Recovery Policy
- Information Security Roles and Responsibilities
- Operations Security Policy
- Risk Management Policy
- Third-Party Risk Management Policy
- Human Resources Security Policy
- Access Control Policy
- Incident Response Plan
- Cryptography Policy
- Information Security Policy and Acceptable Use Policy
- Secure Development Policy
- Data Management Policy
- strategy
- values
- Operations
- Product
- Feedback
- Market Segments
- Metrics
- Node-RED Dashboard
- personas
- Pricing Principles
- Principles
- Responsibilities
- Strategy
- Versioning
- Customer department
- Customer
- Customer Success
- Hubspot
- Marketing
- How we work
- Marketing
- Video
- Customer Stories
- Social Media
- blog
- Community
- Marketing - Website
- Webinars
- FlowFuse Messaging
- Sales
- Engineering & Design Practices
- Design
- Engineering
- Certified Nodes
- contributing
- Front End
- Packaging Guidelines
- Platform Ops
- Deployment
- Incident Response
- Observability
- Production Environment
- FlowFuse Dedicated
- Staging Environment
- Project Management
- Releases
- Security Policy
- tools
- Website A/B Testing
- Internal Operations
- People Ops
# Security
To ensure the safety and security of our company, employees, and customers, FlowFuse maintains a set of security policies that we all must follow.
It is important that every takes the time to understand their own responsibilities in this area, which includes prompt reporting and resolution of any issues identified.
- Information Security Policy and Acceptable Use Policy
- Information Security Roles and Responsibilities
- Access Control Policy
- Data Management Policy
- Secure Development Policy
- Operations Security Policy
- Cryptography Policy
- Asset Management Policy
- Third Party Risk Management Policy
- Human Resources Policy
- Risk Management Policy
- Incident Response Plan
- Business Continuity and Disaster Recover Policy
# Credentials
# Password vault
The company provides a 1Password Vault account to all employees. When available, sign in with your Google Workspace account. When this option is not available, you must not reuse the same password between different application, but you must generate a new one per application. Passwords are stored in 1Password for both individual user accounts and shared accounts (e.g. FlowFuse npmjs account).
Any shared accounts should be in an appropriate vault shared with those that need it only, but always more than just one person.
# 2FA
For all services that support it, 2FA authentication should be enabled and if possible enforced by policy. Where possible the 2FA seed keys should be added to the entry in the Password Vault.
# Executive Fraud
The CEO, CTO, and other executives at FlowFuse will never email anyone to wire money, request you to buy gift cards, or request any other type of monitory transaction. Transactions are started through a set process only. When in doubt, reach out through Slack and request a huddle with the executive to validate.