1. Purpose and Scope
The purpose of this Network Security Policy is to establish guidelines and procedures to protect the integrity, confidentiality, and availability of Speak Ai Inc.’s (“Speak Ai”) network infrastructure. This policy applies to all employees, contractors, and third parties who have access to Speak Ai’s network resources.
2. Policy Statement
Speak Ai is committed to maintaining a secure network environment to protect against unauthorized access, data breaches, and other security threats. This policy outlines the measures and controls implemented to safeguard network infrastructure and ensure the secure transmission of data.
3. Network Security Controls
Firewall Management: Firewalls must be configured with appropriate rule sets and set to “deny by default” so that only authorized traffic is allowed. Firewall rules will be reviewed and updated regularly to ensure they align with current security requirements. Additionally, traffic from countries other than the specified trusted countries will be denied.
Network Segmentation: The network will be segmented into different zones based on security requirements. Critical systems and sensitive data will be isolated from less secure areas of the network to minimize the risk of unauthorized access.
4. Access Controls
User Authentication: All users must authenticate using strong authentication methods before accessing the network. Multi-factor authentication (MFA) is required for accessing critical systems and sensitive data.
Access Permissions: Network access permissions will be granted based on the principle of least privilege. Users will only have access to the resources necessary for their job functions.
5. Data Encryption
Data in Transit: All sensitive data transmitted over the network must be encrypted using industry-standard encryption protocols to protect against eavesdropping and interception.
Data at Rest: Sensitive data stored on networked devices must also be encrypted to protect against unauthorized access in the event of compromise.
6. Network Monitoring and Maintenance
Continuous Monitoring: The network will be continuously monitored for security threats, performance issues, and other anomalies. Automated tools and manual reviews will be used to detect and respond to potential incidents. Monitoring will be enhanced through services such as AWS CloudFront and Cloudflare to provide additional security insights and protections.
Patch Management: Network devices, including routers, switches, and firewalls, will be kept up to date with the latest security patches and firmware updates. Regular maintenance schedules will be established to ensure timely updates.
Vulnerability Management: Regular vulnerability assessments and penetration tests will be conducted to identify and address security weaknesses within the network infrastructure.
7. Incident Response
Incident Reporting: Any suspected or confirmed network security incidents must be reported immediately to the IT Security Team. Incident reports should include a description of the incident, affected systems, and any actions taken.
Response Procedures: The IT Security Team will follow established incident response procedures to contain, investigate, and resolve network security incidents. Lessons learned from incidents will be used to improve network security measures.
8. Third-Party Network Access
Vendor and Partner Access: Third-party vendors and partners who require access to Speak Ai's network must comply with this Network Security Policy. Access will be granted based on contractual agreements and will be limited to the minimum necessary.
Monitoring and Audits: Third-party network access will be monitored and audited to ensure compliance with Speak Ai's security policies and procedures.
9. Training and Awareness
Employee Training: All employees and contractors must undergo regular training on network security best practices and the importance of protecting network resources.
Awareness Programs: Ongoing awareness programs will be conducted to keep users informed about the latest network security threats and the measures they can take to protect the network.
10. Policy Review
This policy will be reviewed annually or as needed to ensure its effectiveness and alignment with industry best practices and regulatory requirements. Changes to the policy will be communicated to all users.
11. Contact Information
For any inquiries or issues related to this Network Security Policy, please contact the IT Security Team at [email protected].