Security Policy Summary

Purpose & Goal

This policy outlines requirements to protect NGPILOT's information assets and systems. The goal is to establish a clear baseline for security controls.

Scope

Applies to all NGPILOT personnel (including contractors) and activities involving NGPILOT information assets and systems.

Key Responsibilities

  • Personnel: Follow regulations and this policy to safeguard assets. Report any security deviations.
  • Management: Ensure roles and responsibilities are clear and aligned with security best practices.

Core Security Measures

  • Access Control: Implement least privilege and need-to-know access. Use unique, strong credentials (complex passwords, biometrics, tokens). Maintain access control procedures.
  • Human Resources: Conduct background checks. Provide mandatory security awareness training and measure its effectiveness.
  • Information Management & Assets: Classify, handle, and govern information according to defined policies. Maintain an asset register with assigned owners and classifications.
  • Cryptography & Encryption: Use industry-standard strong encryption for authentication, authorization, PII (at rest and in transit), and communications (e.g., TLS for SMTP).
  • Operations: Maintain secure operational processes, including change management, network monitoring, and endpoint security.
  • Communications: Securely transmit information assets using encryption as per classification policy.
  • System Acquisition & Development: Integrate security into the Systems Development Lifecycle (SDLC).
  • Supplier Management: Assess third-party security practices according to the Third Party Management Policy.
  • Incident Management: Implement measures to detect, report, triage, and recover from security incidents.
  • Business Continuity: Maintain security controls within business continuity and disaster recovery plans for critical systems.
  • Compliance: Regularly audit systems for compliance with internal standards and external requirements.
  • Remote Access: Implement security controls for remote access and teleworking, adhering to the Endpoint Security Policy.