Security and Compliance#

Security Policy#

All engineers understand and abide by the Bixal Solutions Employee/Contractor Security Policy. Further, we have taken care in following all the steps laid out in the Security Training.

In particular:

As Developers#

As Drupal Developers#

Privileged Access#

Advanced: Connecting to TFA-enabled Sevices/Apps#

Some applications and services may need to connect to your Bixal Solutions Office365 account but they might not be able to handle TFA. An example of this would be the Android Gmail client, connecting to Office365 for email. For this purpose Microsoft has created something called App Passwords. App Passwords allows you to create a unique password for each of your services/apps. If this password is used while authenticating your service/app to access your Bixal Solutions' account it will bypass TFA.

There are some instructions at https://support.office.com/en-us/article/create-an-app-password-for-office-365-3e7c860f-bda4-4441-a618-b53953ee1183 on how to use App Passwords with Google. Several other TFA-enabled services also support app passwords -- see their respecive documentation.

IT: Sharing Service Accounts#

Continuous Monitoring#

We use tools to support continuous monitoring for performance and efficiency, and to ensure proper operation and security. These tools include (not an exhaustive list):

Incident Response#



Edit on GitHub

Documentation built with MkDocs using a modified Windmill Dark theme