Fund: Penetration tests requirement removed from Operations Security but remains in Risk Management Policy

While reviewing your policies to see how you handled Vanta templates with the requirement for yearly penetrations tests, I noticed you removed this from the Operations Security Policy. Was it your intention to keep the yearly requirement for a penetration test in your Risk Management Policy? If this was an oversight, I wanted to draw your attention to it.

Risk Management Policy

Risks are assessed and ranked according to their impact and their likelihood of occurrence. A formal Risk Assessment, and network penetration tests, will be performed at least annually and shall take into consideration the results of any technical vulnerability management activities performed in accordance with the Operations Security Policy.

Tuist/handbook

Penetration tests requirement removed from Operations Security but remains in Risk Management Policy

Risk Management Policy

How does funding with Polar work?

Backer

Contributor

Maintainer

Tuist/handbook

Penetration tests requirement removed from Operations Security but remains in Risk Management Policy

Risk Management Policy

How does funding with Polar work?

Backer

Why does "Fund on completion" require GitHub login?

When is the invoice due for "Fund on completion"?

What happens if the issue is never completed?

Do I get any extra benefits by funding?

Do I get progress updates?

Contributor

Do I get a reward?

Is rewards guaranteed?

Maintainer

How can I get funding like this for my open source initiatives?