Purpose
This policy establishes Perfect Wiki's commitment to protecting the confidentiality, integrity, and availability of customer data and company information assets. It is the top-level policy from which all other security policies derive.
Scope
Applies to all systems, services, employees, contractors, and third parties that store, process, or transmit Perfect Wiki information. Customer data is covered by every clause of this policy by default.
Policy
- Information security is owned and sponsored by the CEO/CTO and reviewed at least annually.
- Customer data is encrypted in transit (TLS 1.2+) and at rest (AES-256).
- Access to production systems and customer data is granted on a least-privilege, need-to-know basis and is reviewed periodically.
- Authorized personnel undergo a background check and sign confidentiality / non-disclosure terms before production access is granted.
- Production, staging, and development environments are physically and logically separated. Production data is never used in non-production environments.
- Security events are logged and monitored; incidents are handled per the Incident Response Plan.
- Risk is identified and treated per the Risk Management Policy; vulnerabilities are remediated per the Vulnerability & Patch Management Policy.
- All Perfect Wiki policies are made available to customers via the Trust Center.
- Non-compliance with this policy may result in termination of employment or contract and other legal action.
Roles & responsibilities
- CEO/CTO (Ilia Pirozhenko): Owner of this policy; approves changes; final authority on security decisions.
- All personnel: Comply with this policy and report suspected incidents to [email protected].
- Customers: Manage their own users' access and identity-provider security (MFA, password policy, conditional access).
Review cadence
Reviewed and re-approved at least annually, or when significant organizational or technical change occurs.