As an all-remote company, good security practices are required of all FlowFuse employees.
The following guide details requirements for personal computer security; these are in support of our broader security policies.
We use the Vanta Agent to monitor a set of these requirements, but it does not cover them all. At this time, we rely on self-managed compliance.
Encrypted Hard Drive
Monitored by Vanta
Ensure your hard drive is encrypted to prevent unauthorized access. This is a built-in feature of all operating systems and must be enabled.
Anti-Virus
Monitored by Vanta
System-level anti-virus must be enabled.
- Windows: use the built-in Windows Defender Antivirus
- macOS: enable Gatekeeper/XProtect
- Linux: guidance TBD
Use of a Password Manager
Monitored by Vanta
To encourage secure password usage, FlowFuse provides 1Password to all employees.
Screenlock Enabled
Monitored by Vanta
Devices must have a screenlock configured to enable after a short period of idle time (maximum 15 minutes).
Firewall
Enable a firewall to prevent external access to your device.
- Windows: use the built-in Windows Defender firewall
- macOS: use the built-in firewall service
  - Open System Settings
  - Go to Network
  - Select Firewall on the sidebar
  - Click Turn On Firewall if it's not already enabled
Disable guest/auto-login
Disable any guest accounts on the device and do not allow auto-login of any account.
Keep software up to date
All software, from the Operating System to the Browser, must be kept up to date. Where possible enable auto-updates and actively ensure they are applied.
Secure Browsing
As so much of our work is done in the browser, it is a crucial tool to keep secure. The following guidelines should be followed; specific details will vary depending on the browser being used.
- Keep the browser up to date
- Only install trusted extensions and keep them up to date
- Enable the 1Password extension to provide secure password management
- Chrome: enable the Enhanced protection browsing protection level
Secure log retention
Operating system logs should be retained and stored securely. As long as hard drive encryption is enabled, no immediate additional action is currently required.
Intrusion Detection and Prevention
For users with privileged access to production systems, additional controls will be required. These have not yet been fully defined, but will require solutions around Intrusion Detection and Prevention (IDPS).
Many of the controls outlined above play a part in this: firewalls, malware detection, anti-virus, etc.
Each operating system has its own tools available for full Intrusion Detection; this guide will be updated with details as our requirements mature.