|
6 | 6 | <title>Security Center | LotusLift</title> |
7 | 7 | <meta |
8 | 8 | name="description" |
9 | | - content="Security center for LotusLift enablement hackathon: safeguards overview and detailed data policy." |
| 9 | + content="Unified security policy for LotusLift: executive overview first, full data and engineering controls below." |
10 | 10 | /> |
11 | 11 | <link rel="preconnect" href="https://fonts.googleapis.com" /> |
12 | 12 | <link rel="preconnect" href="https://fonts.gstatic.com" crossorigin /> |
|
32 | 32 |
|
33 | 33 | <main class="layout"> |
34 | 34 | <section class="page-head reveal"> |
35 | | - <p class="eyebrow">Security Center</p> |
36 | | - <h1>Security And Data Governance</h1> |
| 35 | + <p class="eyebrow">Unified Security</p> |
| 36 | + <h1>Security Overview And Full Policy</h1> |
37 | 37 | <p> |
38 | | - Central hub for program-level security posture, practical safeguard controls, and detailed data handling policy. |
| 38 | + One page for leadership and delivery teams: executive security summary at the top, followed by complete controls |
| 39 | + for data, code, access, and operational practices. |
39 | 40 | </p> |
40 | 41 | </section> |
41 | 42 |
|
42 | | - <section class="cards reveal delay-1"> |
43 | | - <article class="card"> |
44 | | - <h2>Security Overview</h2> |
45 | | - <p> |
46 | | - High-level controls, governance model, and operational checks for day-to-day execution and leadership review. |
47 | | - </p> |
48 | | - <a href="safeguards.html">Open Security Overview</a> |
| 43 | + <section class="spotlight-grid reveal delay-1"> |
| 44 | + <article class="card spotlight"> |
| 45 | + <h2>Executive Summary</h2> |
| 46 | + <ul class="clean-list"> |
| 47 | + <li>No private, protected, or production data in this repository</li> |
| 48 | + <li>Human review is mandatory before every commit and merge</li> |
| 49 | + <li>Security covers more than data: identity, code quality, and operations</li> |
| 50 | + </ul> |
49 | 51 | </article> |
50 | | - <article class="card"> |
51 | | - <h2>Data Safeguards Policy</h2> |
| 52 | + <article class="card spotlight"> |
| 53 | + <h2>Control Intent</h2> |
52 | 54 | <p> |
53 | | - Full policy text with allowed/prohibited content rules, commit checklist, and response guidance. |
| 55 | + Keep modernization velocity high while preventing data leakage, unsafe code promotion, and accidental |
| 56 | + exposure of sensitive enterprise details. |
54 | 57 | </p> |
55 | | - <a href="data-safeguards.html">Open Data Safeguards Policy</a> |
56 | 58 | </article> |
57 | 59 | </section> |
58 | 60 |
|
59 | | - <section class="spotlight-grid"> |
60 | | - <article class="card spotlight reveal delay-2"> |
61 | | - <h2>Core Guardrails</h2> |
| 61 | + <section class="method-divider reveal delay-2" aria-label="Security policy divider"> |
| 62 | + <p class="eyebrow">Detailed Controls</p> |
| 63 | + <h2>Full Security Policy</h2> |
| 64 | + <p>Everything below is the operational policy teams follow during this enablement hackathon.</p> |
| 65 | + </section> |
| 66 | + |
| 67 | + <section class="cards reveal delay-2"> |
| 68 | + <article class="card"> |
| 69 | + <h3>Data Handling Rules</h3> |
62 | 70 | <ul class="clean-list"> |
63 | | - <li>No private, protected, or production data in this repository</li> |
64 | | - <li>Only anonymized screenshots and dummy datasets are allowed</li> |
65 | | - <li>Human review required before every commit and merge</li> |
| 71 | + <li>Allowed: anonymized screenshots, schema metadata, and dummy/randomized data</li> |
| 72 | + <li>Prohibited: production exports, personal identifiers, credentials, internal endpoints/IPs</li> |
| 73 | + <li>All screenshots must be redacted before commit</li> |
66 | 74 | </ul> |
67 | 75 | </article> |
68 | | - <article class="card spotlight reveal delay-3"> |
69 | | - <h2>Why It Matters</h2> |
70 | | - <p> |
71 | | - Strong safeguards protect trust while letting DTB teams move faster with AI-assisted modernization and reduced |
72 | | - technical debt. |
73 | | - </p> |
74 | | - <a href="method.html">See Delivery Method</a> |
| 76 | + <article class="card"> |
| 77 | + <h3>Identity And Access Controls</h3> |
| 78 | + <ul class="clean-list"> |
| 79 | + <li>Least-privilege access for repository and deployment roles</li> |
| 80 | + <li>No shared credentials; no secrets in code, docs, or screenshots</li> |
| 81 | + <li>Rotate and revoke immediately if exposure is suspected</li> |
| 82 | + </ul> |
| 83 | + </article> |
| 84 | + <article class="card"> |
| 85 | + <h3>Code And Supply Chain Controls</h3> |
| 86 | + <ul class="clean-list"> |
| 87 | + <li>Human-reviewed AI output only; no blind copy-and-merge</li> |
| 88 | + <li>Dependency and license checks before promotion</li> |
| 89 | + <li>Favor maintainable patterns over one-off generated code</li> |
| 90 | + </ul> |
| 91 | + </article> |
| 92 | + </section> |
| 93 | + |
| 94 | + <section class="timeline" aria-label="Security execution checklist"> |
| 95 | + <article class="timeline-item reveal delay-1"> |
| 96 | + <span class="phase-id">01</span> |
| 97 | + <div> |
| 98 | + <h2>Pre-Commit Review</h2> |
| 99 | + <p>Verify no sensitive data, secrets, internal infrastructure details, or unredacted screenshots are staged.</p> |
| 100 | + </div> |
| 101 | + </article> |
| 102 | + <article class="timeline-item reveal delay-2"> |
| 103 | + <span class="phase-id">02</span> |
| 104 | + <div> |
| 105 | + <h2>Quality And Safety Gate</h2> |
| 106 | + <p>Confirm generated code is correct, secure, test-backed, and aligned to team coding standards.</p> |
| 107 | + </div> |
75 | 108 | </article> |
| 109 | + <article class="timeline-item reveal delay-3"> |
| 110 | + <span class="phase-id">03</span> |
| 111 | + <div> |
| 112 | + <h2>Response Process</h2> |
| 113 | + <p>If sensitive content is found: notify owners immediately, remove exposure from history, rotate credentials, |
| 114 | + and document corrective action.</p> |
| 115 | + </div> |
| 116 | + </article> |
| 117 | + </section> |
| 118 | + |
| 119 | + <section class="doc-content reveal delay-2" aria-label="Detailed data policy"> |
| 120 | + <h2>Detailed Data Policy</h2> |
| 121 | + <table> |
| 122 | + <thead> |
| 123 | + <tr> |
| 124 | + <th>Category</th> |
| 125 | + <th>Allowed</th> |
| 126 | + <th>Not Allowed</th> |
| 127 | + </tr> |
| 128 | + </thead> |
| 129 | + <tbody> |
| 130 | + <tr> |
| 131 | + <td>Application Artifacts</td> |
| 132 | + <td>Anonymized screenshots and workflow descriptions</td> |
| 133 | + <td>Unredacted screens containing names, emails, IDs, or case details</td> |
| 134 | + </tr> |
| 135 | + <tr> |
| 136 | + <td>Data Content</td> |
| 137 | + <td>Dummy datasets and synthetic records</td> |
| 138 | + <td>Production or user-originated records</td> |
| 139 | + </tr> |
| 140 | + <tr> |
| 141 | + <td>Infrastructure Details</td> |
| 142 | + <td>Generic architecture patterns</td> |
| 143 | + <td>Internal hostnames, IP ranges, tenant secrets, private endpoints</td> |
| 144 | + </tr> |
| 145 | + <tr> |
| 146 | + <td>Credentials</td> |
| 147 | + <td>Secret placeholders and mocked values</td> |
| 148 | + <td>API keys, passwords, tokens, or live certificates</td> |
| 149 | + </tr> |
| 150 | + </tbody> |
| 151 | + </table> |
| 152 | + <p> |
| 153 | + This consolidated page is the source of truth for security execution in this repository. |
| 154 | + </p> |
76 | 155 | </section> |
77 | 156 | </main> |
78 | 157 |
|
|
0 commit comments