Acceptable Use and Endpoint Security Policy
Establishes minimum safeguards for devices used to access source code, secrets, production, or customer data.
Access Control Policy
Defines identity, authentication, least-privilege, customer authorization, and privileged-access requirements.
AI and Customer Data Handling Policy
Governs model providers, permitted data, training restrictions, retention, human review, and AI transparency for Fi.
Business Continuity and Disaster Recovery Policy
Defines backup, off-site protection, restoration, continuity priorities, and disaster-recovery testing for Fi.
Cryptography and Key Management Policy
Defines approved encryption use, secret storage, key lifecycle, rotation, recovery, and verification.
Data Classification, Retention, and Disposal Policy
Defines Cellect data classes, permitted handling, retention schedules, deletion, and disposal evidence.
Incident Response Policy and Plan
Defines detection, triage, containment, recovery, notification, evidence preservation, and learning for security incidents.
Information Security Policy
Establishes Cellect's owner-operated information security program and governance responsibilities.
Physical Security Policy
Defines office, equipment, visitor, media, environmental, and physical-access safeguards for self-hosted Fi infrastructure.
Security Risk Management Policy
Defines how Cellect identifies, assesses, treats, accepts, and monitors security risks.
Secure Development and Change Management Policy
Defines secure design, version control, testing, deployment, rollback, and emergency-change requirements for Fi.
Vendor and Subprocessor Management Policy
Establishes inventory, due diligence, contracting, monitoring, and offboarding requirements for material providers.
Vulnerability Management and Disclosure Policy
Defines scanning, intake, severity, remediation, independent testing, retesting, and responsible disclosure.
Approved reviewers can read the Markdown rendering and download the corresponding PDF.
Open document room