Skip to main content
All CollectionsSecurity & Privacy
Network Security Policy
Network Security Policy
Tyler Bryden avatar
Written by Tyler Bryden
Updated over 7 months ago

1. Purpose and Scope

The purpose of this Network Security Policy is to establish guidelines and procedures to protect the integrity, confidentiality, and availability of Speak Ai Inc.‘s (“Speak Ai”) network infrastructure. This policy applies to all employees, contractors, and third parties who have access to Speak Ai’s network resources.

2. Policy Statement

Speak Ai is committed to maintaining a secure network environment to protect against unauthorized access, data breaches, and other security threats. This policy outlines the measures and controls implemented to safeguard network infrastructure and ensure the secure transmission of data.

3. Network Security Controls

  • Firewall Management: Firewalls must be configured with appropriate rule sets and are set to “deny by default” to ensure only authorized traffic is allowed. Firewall rules will be reviewed and updated regularly to ensure they align with current security requirements. Additionally, traffic from countries other than specified trusted countries will be denied.

  • Network Segmentation: The network will be segmented into different zones based on security requirements. Critical systems and sensitive data will be isolated from less secure areas of the network to minimize the risk of unauthorized access.

4. Access Controls

  • User Authentication: All users must authenticate using strong authentication methods before accessing the network. Multi-factor authentication (MFA) is required for accessing critical systems and sensitive data.

  • Access Permissions: Network access permissions will be granted based on the principle of least privilege. Users will only have access to the resources necessary for their job functions.

5. Data Encryption

  • Data in Transit: All sensitive data transmitted over the network must be encrypted using industry-standard encryption protocols to protect against eavesdropping and interception.

  • Data at Rest: Sensitive data stored on networked devices must also be encrypted to protect against unauthorized access in the event of compromise.

6. Network Monitoring and Maintenance

  • Continuous Monitoring: The network will be continuously monitored for security threats, performance issues, and other anomalies. Automated tools and manual reviews will be used to detect and respond to potential incidents. Monitoring will be enhanced through services such as AWS CloudFront and Cloudflare to provide additional security insights and protections.

  • Patch Management: Network devices, including routers, switches, and firewalls, will be kept up to date with the latest security patches and firmware updates. Regular maintenance schedules will be established to ensure timely updates.

  • Vulnerability Management: Regular vulnerability assessments and penetration tests will be conducted to identify and address security weaknesses within the network infrastructure.

7. Incident Response

  • Incident Reporting: Any suspected or confirmed network security incidents must be reported immediately to the IT Security Team. Incident reports should include a description of the incident, affected systems, and any actions taken.

  • Response Procedures: The IT Security Team will follow established incident response procedures to contain, investigate, and resolve network security incidents. Lessons learned from incidents will be used to improve network security measures.

8. Third-Party Network Access

  • Vendor and Partner Access: Third-party vendors and partners who require access to Speak Ai's network must comply with this Network Security Policy. Access will be granted based on contractual agreements and will be limited to the minimum necessary.

  • Monitoring and Audits: Third-party network access will be monitored and audited to ensure compliance with Speak Ai's security policies and procedures.

9. Training and Awareness

  • Employee Training: All employees and contractors must undergo regular training on network security best practices and the importance of protecting network resources.

  • Awareness Programs: Ongoing awareness programs will be conducted to keep users informed about the latest network security threats and the measures they can take to protect the network.

10. Policy Review

This policy will be reviewed annually or as needed to ensure its effectiveness and alignment with industry best practices and regulatory requirements. Changes to the policy will be communicated to all users.

11. Contact Information

For any inquiries or issues related to this Network Security Policy, please contact the IT Security Team at [email protected].

Did this answer your question?