Security & Compliance
Security- and compliance-relevant policies, standards, SOPs, and governance (curated view). Documents themselves live at the top-level /policies/, /standards/, /sops/, and /governance/ sections.
Security and compliance content is organized by document type at the top level:
| Section | Purpose |
|---|---|
| Policies | Board-approved commitments: what we will do |
| Standards | Operational specifications: how we do it |
| SOPs | Step-by-step runbooks |
| Governance | Recurring cadences, calendars, audit evidence |
This page is a security-lens view over those four sections, linking only the documents the security function owns or relies on. Other teams (Operations, HR, Legal) may curate their own views over the same top-level content.
See Policy → Standard → Implementation for the layering model.
Security Policies
Board-approved organizational commitments.
Umbrella
- Cyber Security and Cyber Resilience Policy (POL-007) - SEBI CSCRF umbrella framework
- Cyber Risk Management Policy (POL-006) - risk identification, assessment, treatment
- Cyber Crisis Management Plan (CCMP) Policy (POL-005)
- Exception Management Policy (POL-013)
Data & Privacy
- Data Classification and Handling Policy (POL-009)
- Data Retention & Disposal Policy (POL-010)
- Data Breach Response Policy (POL-008)
- IT Rules 2021 Compliance Policy (POL-014)
Access & Accounts
- Privileged Access Management Policy (POL-018)
- Password Protection Policy (POL-017)
- Acceptable Use Policy (POL-001)
People
Infrastructure & Network
- Network Segmentation Policy (POL-016)
- Remote Access Policy (POL-019)
- Wireless Communication Policy (POL-024)
- Server Security Policy (POL-020)
- Web Application Security Policy (POL-023)
- Mobile Device Security Policy (POL-015)
- Database Credentials Coding Policy (POL-011)
Physical & Continuity
- Clean Desk Policy (POL-004)
- Technology Equipment Disposal Policy (POL-021)
- Business Continuity Policy (POL-002)
- Disaster Recovery Policy (POL-012)
Third-Party & Change
- Third-Party & Vendor Management (POL-022) - also relevant to Operations
- Change Management Policy (POL-003) - also relevant to Operations
Security Standards
Operational specifications: CISO-signed, updated with operational practice.
- Cyber Risk Management Standard (STD-005)
- Anti-Fraud Measures (STD-001)
- Asset Inventory Management (STD-002)
- Authentication & Authorization (STD-003)
- Data Protection (STD-006)
- Email Security Standard (STD-007)
- Encryption & Hashing Standards (STD-008)
- Endpoint Security Standard (STD-009)
- Firewall Management (STD-010)
- Information Logging Standard (STD-011)
- Log Management (STD-012)
- Password Construction Guidelines (STD-013)
- User Account Lifecycle (STD-014)
- Vendor Security Assessment Standard (STD-015) - also relevant to Operations
Security SOPs
Runbooks.
- Incident Response SOP (SOP-004)
- CERT-In Compliance (SOP-002)
- Patch Management SOP (SOP-005)
- VAPT Execution SOP (SOP-007)
- VAPT Remediation Tracking (SOP-008)
- Vulnerability Management SOP (SOP-009)
- Backup & Recovery Procedure (SOP-001) - also relevant to Operations
- Vendor Onboarding & Offboarding SOP (SOP-010)
- Security Training Operations SOP (SOP-011)
For operational (non-security) incidents, see Incident Management SOP (SOP-003).
Governance
Circulars & Audit Documents
Security Circulars, Audit Reports & VAPT Documentation
Security Contact
- Security Team: security@wealthy.in