Security/Policy/Candidates

Proposed Policy that needs private drafting or review is on officewiki. This is the exception, but in limited cases is appropriate.

This page is a list of concepts or topics that the Wikimedia_Security_Team has made note of that might or will be needed:


 * Where software can be deployed from in WMF production
 * Minimum retention time for collected logs in WMF production
 * How folks can get on the early security release list
 * Email forwarding for staff accounts to 3rd party providers
 * Probably as part of acceptable use policy


 * Risk Management
 * Incident Response Policy
 * Contract Security Addendum
 * Acceptable Use Policy
 * Security Awareness Policy
 * Vendor Access Policy
 * Network Security Policy
 * Access Control Policy
 * Logging and Alerting Policy

-- Understanding Wikimedia Security Team documentation structure