Business Continuity Plan
The Business Continuity Plan aims to minimize interruptions to normal operations, limit the extent of disruptions and damage in disasters, and establish alternative means of operation in the event of emergencies. The Business Continuity Plan describes the types of disruptions, the roles of key personnel in continuity planning and disruption response, the applications...
Standards Compliance
Our development team designs and maintains architecture, access rules, logging, and monitoring/alerting in our production cloud environment that aim to achieve compliance with the CIS AWS Benchmark. An internal review is performed annually for all scored, Level 1 controls, with the reviewers, date, and benchmark score recorded. Remediations for noncompliances are maintained, prioritized, and...
Objective
To continuously monitor the effectiveness of controls implemented in support of Nested Knowledge policies.
Procedure
Revision History
Author | Date of Revision/Review | Comments
K. Cowie | 10/14/2024 | Reviewed
K. Holub | 02/24/2023 | Drafted
The purpose of this policy is to describe the process for filing notices of copyright infringement in accordance with the Digital Millennium Copyright Act (DMCA). 17 U.S.C. § 512, et al. DMCA Safe Harbor Pursuant to the DMCA Safe Harbor, Nested Knowledge, a software service provider, will not be liable for copyright infringement of materials...
The purpose of this policy is to categorize, describe, and determine the level of protection required for various types of Nested Knowledge data. Scope Nested Knowledge Data: company data is information generated by or for, owned by, or otherwise in Nested Knowledge’s possession. Company data includes, but is not limited to, research data, business data,...
The document retention policy exists to reduce risks, eliminate waste, and abide by relevant laws by specifying procedures pertaining to the retention, storage and deletion of physical and digital records. Scope and Definitions: This policy affects all Nested Knowledge employees, contractors, consultants, and business partners. Digital records include contracts, operating agreements, tax returns, emails, chats,...
To mitigate risks and vulnerabilities, individual personnel are responsible for ensuring that the computers and devices used to access Nested Knowledge services and systems are protected by basic security measures. Scope: This policy affects all employees, contractors, and consultants of Nested Knowledge. Definitions: End-User Device Policy We require end-user devices to be protected by the...
Any employee or contractor who discovers any event of a questionable, fraudulent, or illegal nature should: These reports should be made without fear of retaliation. The incident response team will evaluate the incident and determine whether to notify the client. Situations that require escalation to the client include: Timeline When an incident has occurred, Nested...
Nested Knowledge is located in the United States and provides software services to users in the European Union. Scope: GDPR applies to the processing or controlling (by companies in ANY location) of personal data belonging to data subjects in the EU. Key Terminology: GDPR Compliance Policy Nested Knowledge is committed to processing data in a lawful,...
This Incident Response Plan exists to ensure that we consistently handle information security events in an effective and efficient manner. Scope This policy offers guidance for employees, contractors, and consultants of Nested Knowledge who believe they have discovered or are responding to a security incident. Affected Systems This policy applies to all computer and communication...