External Penetration Testing Policy

Version: 1.0
Published Date: April 1st, 2024

1. Introduction

This policy mandates periodic IT security penetration testing, conducted by an external party, to assess the vulnerability of our software and hosting environments. The objective is to enhance our security posture by proactively identifying and remediating security flaws before they can be exploited.

2. Scope

This policy applies to all IT systems, networks, and applications owned or operated by Jitbit that are accessible from external networks.

3. Policy Statement

The company shall engage an external third-party service provider to conduct penetration testing twice a year. These tests aim to detect security vulnerabilities within our software and hosting environments.

4. Testing Procedure

  • Frequency: Penetration testing will be performed twice a year.
  • Testing Agency: An external, certified third party will conduct the tests.
  • Scope of Testing: The testing will cover all external-facing systems and networks, including but not limited to web applications, databases, and server infrastructure.

5. Post-Testing Actions

  • Review of Results: The results of each penetration test will be reviewed in detail by the IT security team together with the CTO.
  • Resolution: Any critical or serious issues identified will be resolved within six months of the date of the test.

6. Confidentiality

Penetration testing results will be kept confidential and will not be released to any third party, in accordance with company policy.

7. Compliance and Monitoring

Compliance with this policy will be monitored by the IT security department and reported to the CTO. Non-compliance with the testing frequency or resolution deadlines will be addressed promptly.
