[ ] Policy requiring partners not to give us "real" websites.
[ ] Switch off of Qbox.
[ ] Audit of current data. Think about ways we can change data collection to get better data/reduce footprint.
[ ] Eliminate email storage on our systems (allow providers the opportunity to store)
[ ] Separation of partner data storage/make it easier to send them exclusive stream of data.
[ ] Making it clear that our dependencies (particularly those interfacing with integration partners like P.sh/Pantheon/etc.) have separate privacy policies. Make the liability distinct.
[ ] Security scanning of Docker images/using official Docker images.
[ ] Dependency scanning -> a way to stay more up to date.
Tandem
[ ] Limiting usage of public unprotected networks. Promote cell phone?
[ ] VPN
[ ] Rotating SSH keys/passwords.
[x] Go through training checklist.
[ ] Review compliance with individual team members.
[ ] Initial project audit for sensitive data.
[ ] Response if someone's computer is compromised/off-boarding a user.
Lando
Tandem