1. Overview

The Rundoo Enterprise-Wide Security Awareness Program (“Program”) establishes a framework for educating and training all employees and contractors on best practices for information security. This Program aims to reduce security risks by promoting awareness and reinforcing security protocols across the organization. The guidelines outlined in this Program are subject to change at Rundoo’s discretion and do not guarantee specific security outcomes.

2. Scope

This Program applies to all employees, contractors, and third-party service providers who access Rundoo’s systems, data, or infrastructure. It covers essential security awareness training during onboarding, ongoing peer review, and regular policy reviews.

3. Key Components of the Security Awareness Program

• Onboarding Training: All new employees and contractors must complete security awareness training as part of their onboarding process. This training covers the fundamentals of Rundoo’s security policies, including proper data handling, password management, access controls, and identifying potential security threats such as phishing attacks.
• Policy Review: As part of onboarding, all employees are required to review and acknowledge key security-related policies, including but not limited to the Information Security Program, Incident Management Program, Data Retention Policy, and Change Management Program. These documents serve as guidelines and must be reviewed periodically by all employees to ensure ongoing awareness.
• Peer Review: Rundoo incorporates peer review as a key element of maintaining security awareness across the organization. Engineers are required to submit code changes for peer review through GitHub, where team members assess not only the functionality but also the security impact of each change. This review process helps ensure that all team members actively participate in upholding Rundoo’s security standards.

4. Monitoring and Compliance

Rundoo’s security team monitors compliance with the Security Awareness Program. Employees who fail to complete required training or demonstrate poor security practices may be subject to additional training or corrective action. However, Rundoo does not guarantee the complete prevention of security incidents as a result of this Program.

5. Program Modifications

Rundoo reserves the right to modify or update this Program at any time, based on new security threats, changes in company operations, or legal requirements. Employees will be notified of significant changes, but no specific outcomes or timelines are guaranteed.

6. Disclaimer

This Security Awareness Program is intended as a general framework for promoting security awareness at Rundoo. It does not create any contractual rights or obligations, nor does it guarantee the prevention of security incidents. Rundoo disclaims any liability for incidents or breaches resulting from non-compliance or unforeseen security risks.

https://embed.notionlytics.com/wt/ZXlKM2IzSnJjM0JoWTJWVWNtRmphMlZ5U1dRaU9pSkNZMlJNVm1seFdHUjViMmRYZERKbVlsQkpaaUlzSW5CaFoyVkpaQ0k2SWpFeU1HVXhNVE01T0RabFlUZ3dNelU0WXpSaFkyRTBaVGxpTm1VNE1tUmlJbjA9