Security Policies

Acceptable Use

• Company devices are for work use — limited personal use is acceptable
• Do not install unapproved software on company devices: [FILL: process to request software]
• No storage of company data on personal devices or unapproved cloud storage
• VPN required when accessing [FILL: production systems, internal tools]

Phishing

• If you receive a suspicious email: Do not click links — report via [FILL: PhishAlarm button / forward to [email protected]]
• If you clicked a phishing link: Immediately notify #security-incident — no judgment, act fast
• Phishing simulations: Apollo runs periodic tests — treat them as real

Compliance

• SOC 2 Type II: Apollo is certified — [FILL: scope, renewal date]
• GDPR / CCPA: Customer data handling requirements — see [FILL: data handling policy link]
• Annual security training: Required for all employees, due [FILL: date]
• Acceptable use policy: [FILL: link to full policy]

Reporting a Security Concern

1. Active incident (breach, ransomware, account compromise): #security-incident immediately
2. Vulnerability found: Report via [FILL: security@ or bug bounty program]
3. Policy question: #security

Contacts

• #security — policy questions, security reviews
• #security-incident — active security events (use 24/7)
• Security lead: [FILL: name]