Application: WTD
The core framework defining WTD's overall security governance and infrastructure protection.
Formal documentation of role-based permissions and the principle of least privilege.
Our 14-day patching SLA and formal process for identifying and reporting security risks.
Attesting to the use of Yubikeys, TOTP MFA, and encrypted credential storage.
Documentation of periodic audits triggered by user changes or software updates.
Requirement for all users to pass MFA before accessing the Plaid Link interface.
Automated procedures for the immediate revocation of access for removed users.
Public statement on data collection minimalism and commitment to user privacy.
Outlining the 2-month retention lifecycle for backups and active application data.