Title: Endpoint Security Policy
Document ID: [POL-ENDPOINT-001]
Version: 0.1 Draft
Status: Draft
Owner: CISO (Paul Jenkins)
Approver: CEO (Paul Hague)
Classification: Internal
Effective date: [DD Month YYYY]
Review date: [DD Month YYYY]

# Endpoint Security Policy

## Purpose

This policy defines BlackDice's high-level requirements for securing endpoints used to access company systems and information.

## Scope

This policy applies to laptops, workstations, mobile devices, privileged administration devices, and other endpoints used for in-scope business activity.

## Objectives

- reduce endpoint-related risk to systems and information
- support secure access to cloud services, code repositories, and administrative interfaces
- ensure baseline protections are applied consistently

## Principles / Policy Statements

Endpoints used to access in-scope systems or information must be configured and managed according to approved security requirements.

Security baseline controls should address system hardening, authentication, encryption, patching, malware protection, and device lock requirements as appropriate.

Endpoints used for privileged access to production platforms, cloud administration, or customer-sensitive information should receive stronger control and monitoring.

Local storage of sensitive information should be minimised and protected according to classification and business need.

Lost, stolen, or compromised endpoints must be reported promptly.

## Roles and Responsibilities

- [Role] must define endpoint security expectations.
- Device owners and users must protect endpoints and report security issues promptly.
- Administrators must maintain required endpoint controls where they are responsible for managed devices.

## Compliance / Exceptions

Use of unmanaged or non-compliant endpoints for in-scope access must be prohibited unless formally approved and risk-assessed.

## Monitoring and Review

This policy should be reviewed through endpoint assurance activity, incidents, vulnerability management, and audit.

## Related Documents

- Information Security Policy
- Remote Working Policy
- Access Control Policy
- Vulnerability and Patch Management Policy

## Version Control

| Version | Date | Description of Change | Author |
| --- | --- | --- | --- |
| 0.1 Draft | [DD Month YYYY] | Initial draft. | [Name or Role] |