Governance, Risk & Compliance

[cite_start]Explains how we collect, use, and share personal information across our Sites and Apps, ensuring GDPR compliance and user rights. [cite: 1658]

[cite_start]Agreement governing the use of our Site and Services, including intellectual property rights, copyright permissions, and liability disclaimers. [cite: 4703]

[cite_start]The overarching framework establishing security requirements across all operations, protecting ShineVR assets and customer healthcare data. [cite: 2759]

[cite_start]A comprehensive schedule embedding security into daily operations, establishing governance structures, meeting cadences, and continuous improvement cycles. [cite: 4769]

[cite_start]Mandatory requirements for all Google Cloud Platform infrastructure, ensuring data residency in the EEA and container-based security. [cite: 3111]

[cite_start]Controls to protect data transmission across cloud infrastructure, including VPC configuration, firewall rules, and DDoS protection. [cite: 8690]

[cite_start]Defines Role-Based Access Control (RBAC), user provisioning, and the Principle of Least Privilege across all systems. [cite: 7478]

[cite_start]Mandatory requirements for password complexity, rotation cycles, and Multi-Factor Authentication (MFA) enforcement. [cite: 2957]

[cite_start]Cryptographic standards protecting data at rest (AES-256) and in transit (TLS 1.2+), leveraging Google Cloud KMS. [cite: 6512]

[cite_start]Outlines reliance on Google Cloud's secure data centres and controls maintained at vStream office premises. [cite: 3953]

[cite_start]Procedures for data backup frequency, retention periods, RTO/RPO objectives, and disaster recovery testing. [cite: 1745]

[cite_start]Establishes severity classifications (P1-P3) and high-level reporting channels for security events. [cite: 4530]

[cite_start]A comprehensive operational guide for detecting, containing, and eradicating threats, including GDPR breach notification. [cite: 4]

[cite_start]Systematic procedures for authorizing, testing, and deploying changes to IT resources and software (CI/CD). [cite: 2140]

[cite_start]Requirements for audit trails, security event logging, and continuous monitoring via Security Command Centre. [cite: 5624]

[cite_start]Framework for assessing and monitoring third-party suppliers to ensure they meet vStream's security standards. [cite: 5809]

[cite_start]Guidelines for data lifecycles, ensuring personal info is retained only as long as necessary and disposed of securely. [cite: 835]

[cite_start]Security requirements and acceptable use guidelines for personal devices accessing Company systems. [cite: 8268]

[cite_start]Verification procedures for identity, employment history, and suitability prior to granting access to sensitive systems. [cite: 663]