top of page

Security Policy

Jungle Tech Corporation – Information Security Policy

Version: 1.0 | Last Updated: March 13, 2026

1. Purpose and Scope

The purpose of this policy is to establish the framework for protecting the confidentiality, integrity, and availability (the "CIA Triad") of Jungle Tech’s information assets. This policy applies to all employees, contractors, and third-party vendors with access to Jungle Tech systems.

2. Governance and Risk Management

  • Risk Assessments: Jungle Tech performs annual security risk assessments to identify threats to our cloud infrastructure and Unity applications.

  • Compliance: We maintain alignment with industry-standard frameworks (e.g., SOC 2, NIST) and comply with all contractual security obligations mandated by our partners.

3. Logical Access Control

  • Principle of Least Privilege: Access to systems is granted based on the minimum level required for a user to perform their job.

  • Multi-Factor Authentication (MFA): MFA is mandatory for all access to corporate email, cloud environments (Azure), and source code repositories.

  • Access Reviews: User access rights are reviewed quarterly to ensure permissions remain appropriate.

4. Data Protection and Encryption

  • Encryption at Rest: All sensitive data is encrypted using AES-256.

  • Encryption in Transit: All data moving over public networks is encrypted via TLS 1.2 or higher.

  • Data Classification: Information is classified into four categories: Public, Internal, Confidential, and Restricted. Controls are applied based on classification.

5. Secure Development Lifecycle (SDLC)

  • Peer Review: All code changes must undergo a mandatory peer review before being merged into production.

  • Automated Testing: We utilize Static Application Security Testing (SAST) to identify vulnerabilities during the build process.

  • Environment Isolation: Development, staging, and production environments are logically separated in Azure.

6. Asset Management and Physical Security

  • Inventory: Jungle Tech maintains an up-to-date inventory of all hardware and software assets.

  • Remote Work: All employee devices must be encrypted, password-protected, and managed via Mobile Device Management (MDM) software.

7. Incident Response and Continuity

  • Incident Plan: We maintain a documented Incident Response Plan to identify, contain, and eradicate security threats.

  • Notification: In the event of a confirmed data breach involving partner data, Jungle Tech will notify the affected partner within the contractually mandated timeframe.

  • Backups: Critical data is backed up daily and stored in a geo-redundant manner to ensure business continuity.

8. Security Awareness Training

  • All staff must complete security awareness training upon hire and annually thereafter, covering topics such as phishing, social engineering, and secure data handling.

9. Policy Violations

Any employee found to have violated this policy may be subject to disciplinary action, up to and including termination of employment.

bottom of page