Warning
🚧 Work in Progress: This page is currently under construction. Content may be incomplete or subject to change. To contribute, see the contribution guide.
Security Policies
Info
Template: This page should be filled with Patria’s formal information security policies.
Password and MFA policy
(Describe password requirements, MFA enforcement, etc.)
Secrets and credentials policy
- No credentials, passwords, tokens, or API keys may be committed to Git repositories
- Secrets must be stored in Azure Key Vault or secure platform configurations (e.g., GitHub Secrets, GCP Secret Manager)
- Secret rotation: every 12 months or immediately following a security incident
Remote access policy
(Describe VPN policy, access to production environments, etc.)
Information classification
| Classification | Description | Examples |
|---|---|---|
| Public | Can be shared externally | Marketing material |
| Internal | Internal use only | This portal, technical documentation |
| Confidential | Restricted to specific teams | Investor data, investment strategies |
| Restricted | Minimal access, justified need | Sensitive personal data, credentials |