Overview
1. Purpose
This policy outlines DTC’s baseline security protections that can be universally applied with minimal end-user impact. These protections represent the default security posture DTC offers across systems, while additional or advanced protections may be implemented through consulting engagements.
2. Scope
This policy applies to all DTC-managed systems, including employee devices, servers, cloud environments, and applications, while recognizing that some industries may limit advanced security due to software compatibility constraints. Where industry limitations are lifted, additional protections may be deployed.
3. Roles & Responsibilities
| Role | Responsibilities |
|---|---|
| Chief Technology Officer (CTO) | Owns policy; authorizes exceptions; signs off consulting engagements for advanced protections. |
| Code Commanders | Monitor systems; assist with consulting implementations. |
| Department Heads | Ensure team systems comply with baseline protections. |
| Employees & Contractors | Comply with protections; report incidents. |
| Clients | Implement this baseline with DTC to the best of your abilities. |
4. Governance & Compliance
DTC aligns with the Health Insurance Portability and Accountability Act (HIPAA) and the Cybersecurity Maturity Model Certification (CMMC) Level 1 to:
-
Meet contractual and regulatory requirements.
-
Respect and protect all sensitive information entrusted to us.
DTC provides additional consulting services to assist clients in adopting advanced controls not covered in this baseline policy.