This policy and associated guidance establish the roles and responsibilities within Sourcegraph, which is critical for effective communication of information security policies and standards. Roles are required within the organization to provide clearly defined responsibilities and an understanding of how the protection of information is to be accomplished. Their purpose is to clarify, coordinate activity, and actions necessary to disseminate security policy, standards, and implementation.
This policy is applicable to all Sourcegraph employees and contractors who are involved with the Information Security Program. This policy applies to all other agents of Sourcegraph with access to Sourcegraph information and network. This includes, but not limited to partners, affiliates, contractors, temporary employees, trainees, guests, and volunteers. The titles will be referred to collectively hereafter as the “Sourcegraph community”.
|Board of Directors||
|Sourcegraph Employees, Contractors, temporary workers, etc.||
Sourcegraph will measure and verify compliance to this policy through various methods, including but not limited to, business tool reports, and both internal and external audits.
Any known violations of this policy should be reported to firstname.lastname@example.org. Failure to follow this policy can result in disciplinary action, up to and including termination.
|1.0||23-Sept-2021||First Version||Nicky Van Maanen||Diego Comas|
|1.1||27-JAN-2022||Minor updates||Diego Comas||Diego Comas|
|2.0||09-Jun-2022||Updated Roles & Resp matrix||Dora Neumeier||Diego Comas|