Trellix Logo

Basic Policies

Information Security Management System

The Trellix Information Security Management System (Trellix ISMS) is at the core of the global information security program. It is designed to ensure that a risk-based approach is taken for the selection, implementation, and monitoring of appropriate security controls throughout the organization.

The baseline security controls that comprise the Trellix ISMS are based on National Institute of Standards and Technology (NIST) Special Publication (SP) 800-53 revision 5 and are further derived into management, operational, and technical categories. Industry standards, best practices, and additional security control frameworks may be used for specific zones and products beyond the Trellix baseline, such as FedRAMP, SSAE18, TISAX, IRAP, and others.

Information Technology Policies

A set of internal policies and procedures govern the implementation, monitoring, and effectiveness of the security controls. Governance of the Trellix ISMS is maintained by management system reviews and operational reviews, focused on security operational control monitoring. The Trellix ISMS aligns and is certified to ISO/IEC 27001: 2013 specifications..

Policy Excerpts

Information Security Policy Information Security Risk Management Policy Acceptable Use Policy Access Control Policy Information Classification and Handling Policy Information System Acquisition, Development and Maintenance Policy Communication and Operations Management Policy Incident Response Policy Physical Security Policy
Personnel Security Policy Business Continuity Policy OCISO Data Retention Policy Cryptographic Policy Information Security Audit Monitoring and Logging Policy Crisis Management Policy Cloud Security Policy Software Supply Chain Risk Management Policy