ContextQMD
Back to Tuist

Data-loss prevention

handbook/handbook/security/business-continuity-and-data-protection/data-loss-prevention.md

4.191.82.4 KB
Original Source

Data-loss prevention

  • Policy owner: Pedro Piñera Buendía
  • Effective Date: December 23rd, 2024

Purpose

The purpose of this policy is to outline the mechanisms and strategies Tuist has implemented to prevent data loss and ensure the security of company and project information. These measures are designed to minimize risks associated with unauthorized access, accidental loss, or data breaches, and to maintain business continuity and compliance with security standards.

Scope

This policy applies to all Tuist employees, contractors, and any other individuals with access to Tuist's systems, devices, or data. It covers both physical and digital environments, including remote workstations and company-managed devices.

Mechanisms

1. Disabling Cloud-Storage Solutions

To prevent the unauthorized transfer of company data to third-party cloud services:

  • iCloud and other cloud-storage solutions are disabled on remote workstations through Mobile Device Management (MDM).
  • This ensures that sensitive company data remains within approved and monitored storage systems.

2. Restriction on Removable Storage Devices

To prevent data exfiltration via physical media:

  • The use of removable storage devices, such as USB drives and external hard drives, is disabled on all company-managed devices.
  • Exceptions can only be granted by the policy owner following a thorough review and approval process.

Planned Improvements

As part of our ongoing commitment to enhancing data-loss prevention, we aim to roll out advanced Data Loss Prevention (DLP) solutions in the following areas by H2 2025:

  • Email Systems: Implementing DLP mechanisms to monitor and control the transmission of sensitive information via email.

Roles and Responsibilities

  • Policy Owner: Responsible for overseeing the implementation and adherence to the data-loss prevention mechanisms.
  • Employees and Contractors: Must comply with this policy and report any attempts to bypass these measures.
  • IT Team: Ensures proper configuration and enforcement of the outlined mechanisms.

Monitoring and Enforcement

  • Regular audits are conducted to ensure compliance with the policy.
  • Any violations of this policy will be subject to investigation and may result in disciplinary actions, up to and including termination of employment.

Version history

The version history of this document can be found in Tuist's handbook repository.