Rundoo Security Function and Role Policy

1. Overview

The Rundoo Security Function and Role Policy (“Policy”) defines the responsibilities for maintaining and enforcing information security across the organization. While Rundoo’s Co-Founder & CTO, Andrew Beckman, is primarily responsible for establishing security standards, all employees play a role in upholding and practicing these standards. This Policy serves as a guideline and is subject to change at Rundoo’s discretion.

2. Scope

This Policy applies to all employees, contractors, and third-party service providers. It outlines the division of responsibility for ensuring the confidentiality, integrity, and availability of Rundoo’s systems and data.

3. Roles and Responsibilities

Andrew Beckman, Co-Founder & CTO: Andrew Beckman is the primary person responsible for setting Rundoo’s information security standards. He oversees the development, implementation, and maintenance of security policies, processes, and controls. Andrew evaluates security risks, approves security-related changes, and ensures compliance with relevant laws and industry standards. While he leads the overall security program, he does not guarantee the elimination of all risks.
All Employees: Every employee and contractor at Rundoo is responsible for maintaining good security practices. This includes, but is not limited to:
- Protecting sensitive data and ensuring proper data handling.
- Following Rundoo’s security policies and reporting any potential security incidents or vulnerabilities.
Password Management: All passwords used by Rundoo employees must be stored in 1Password, and no passwords should be kept or managed outside of this system. This ensures that access credentials are securely stored and protected with strong encryption.
- Using strong, unique passwords and adhering to multi-factor authentication (MFA) requirements.
- Ensuring that any changes they make to systems or processes undergo peer review and follow established security protocols.

4. Employee Involvement

While Andrew Beckman sets the overall security direction, security is a shared responsibility across all departments. Employees are expected to stay informed about security best practices and participate in security-related training during onboarding. By following the policies set forth, employees contribute to maintaining the security and integrity of Rundoo’s systems.

5. Program Modifications

Rundoo reserves the right to modify or update this Policy at any time without prior notice. Adjustments may be made based on changes in security risks, legal requirements, or operational needs.

6. Disclaimer

This Policy serves as a general framework for security responsibilities at Rundoo. It does not create any contractual rights or obligations, nor does it guarantee specific security outcomes. Rundoo disclaims any liability for security incidents resulting from employee actions or unforeseen threats.

https://embed.notionlytics.com/wt/ZXlKM2IzSnJjM0JoWTJWVWNtRmphMlZ5U1dRaU9pSkNZMlJNVm1seFdHUjViMmRYZERKbVlsQkpaaUlzSW5CaFoyVkpaQ0k2SWpFeU1HVXhNVE01T0RabFlUZ3dPRFJoT1dVNVl6TTRNV1EyTVRFMk16WmhJbjA9