Proposed Policy that needs private drafting or review is on officewiki. This is the exception, but in limited cases is appropriate.

This page is a list of concepts or topics that the Wikimedia Security Team has made note of that might or will be needed:

  • Where software can be deployed from in WMF production
  • Minimum retention time for collected logs in WMF production
  • How folks can get on the early security release list
  • Email forwarding for staff accounts to 3rd party providers
  • Probably as part of acceptable use policy
  • Supplier and Partner Contract Addendum
  • Network Security Policy
  • Access Control Policy
  • Logging and Alerting Policy

Understanding Wikimedia Security Team documentation structure