Proposed Policy that needs private drafting or review is on officewiki. This is the exception, but in limited cases is appropriate.
This page is a list of concepts or topics that the Wikimedia Security Team has made note of that might or will be needed:
- Where software can be deployed from in WMF production
- Minimum retention time for collected logs in WMF production
- How folks can get on the early security release list
- Email forwarding for staff accounts to 3rd party providers
- Probably as part of acceptable use policy
- Supplier and Partner Contract Addendum
- Network Security Policy
- Access Control Policy
- Logging and Alerting Policy
Understanding Wikimedia Security Team documentation structure