Security/Policy/Candidates

Proposed Policy that needs private drafting or review is on officewiki. This is the exception, but in limited cases is appropriate.

This page is a list of concepts or topics that the Wikimedia Security Team has made note of that might or will be needed:


 * Where software can be deployed from in WMF production
 * Minimum retention time for collected logs in WMF production
 * How folks can get on the early security release list
 * Email forwarding for staff accounts to 3rd party providers
 * Probably as part of acceptable use policy


 * Supplier and Partner Contract Addendum
 * Network Security Policy
 * Access Control Policy
 * Logging and Alerting Policy

Understanding Wikimedia Security Team documentation structure