Convvo AI Infrastructure and Dependency Management Policy
1. Introduction
At Convvo AI, we prioritise the security, stability, and efficiency of our IT infrastructure and software dependencies. This policy outlines the guidelines and procedures for managing our infrastructure and dependencies, ensuring the highest standards of security, privacy, and operational effectiveness.
2. Scope
This policy applies to all Convvo employees, contractors, and third-party partners involved in the management and maintenance of our IT infrastructure and software dependencies.
3. Inventory Management
3.1 Hardware and Software Inventory
Maintain a comprehensive and up-to-date inventory of all hardware and software assets. Regularly review and update the inventory to reflect any changes or additions.
3.2 Dependency Tracking
Catalogue all libraries, frameworks, and other dependencies used in our software projects. Maintain detailed records of dependency versions and update schedules.
4. Version Control
4.1 Version Tracking
Track all versions of software and dependencies in use. Use Git as our version control system to manage code and configuration changes.
4.2 Update Policies
Follow a structured schedule for updating software and dependencies, prioritising security patches and major updates. Test all updates in a controlled environment before deployment to production.
5. Security Management
5.1 Vulnerability Monitoring
Regularly monitor for vulnerabilities in software and dependencies using automated tools, such as GitHub code scanning. Promptly address identified vulnerabilities in accordance with their severity.
5.2 Access Controls
Implement strict access controls to ensure that only authorised personnel can modify or update infrastructure components and dependencies. Use Single Sign-On (SSO) via OAuth2 through Google and Microsoft to manage user authentication securely.
6. Change Management
6.1 Change Approval Process
Establish a formal process for approving changes to infrastructure and dependencies. Require thorough documentation and justification for all proposed changes.
7. Documentation and Communication
7.1 Documentation Standards
Maintain comprehensive documentation for infrastructure configurations and dependency management practices. Ensure that documentation is accessible to all relevant stakeholders and kept up-to-date.
7.2 Communication Protocols
Establish clear communication channels for notifying stakeholders about changes, updates, and incidents. Provide regular updates on the status of infrastructure and dependency management efforts.
8. Backup and Recovery
8.1 Backup Procedures
Regularly back up critical infrastructure components and data, with backups stored in encrypted form. Ensure backups are stored via our cloud providers in secure, geographically distributed locations to enhance durability and fault tolerance.
8.2 Disaster Recovery Plan
Develop and maintain a disaster recovery plan to swiftly restore operations in the event of a failure or disaster. Regularly test the disaster recovery plan to ensure its effectiveness.
9. Compliance and Auditing
9.1 Compliance Checks
Ensure that infrastructure and dependency management practices comply with relevant regulations and standards, including GDPR and CCPA. Regularly review and update compliance policies to reflect changes in legal requirements.
9.2 Regular Audits
Conduct periodic audits to verify adherence to this policy. Address audit findings promptly and implement necessary improvements.
10. Automation and Tooling
10.1 Automation Tools
Use automation tools for dependency management, such as package managers and GitHub Actions CI/CD pipelines, to streamline processes and reduce human error. Implement monitoring tools for real-time assessment of infrastructure health and dependency statuses.
10.2 Monitoring Tools
Employ advanced monitoring tools via our hosting provider Vercel to track infrastructure performance and security in real-time. Ensure that monitoring systems are configured to detect and alert on anomalies promptly.
11. Privacy and Data Management
11.1 Handling of Personally Identifiable Information (PII)
Treat all PII according to the strictest privacy standards, ensuring data is only accessible within authorised accounts. Use PII detection mechanisms to minimise exposure and manage data according to privacy policies and regulations.
11.2 Anonymity and Data Management
Configure data handling processes to minimise PII exposure, especially during integration and processing of data from third-party platforms like Zoom and Gong. Ensure that data access is restricted to authorised users who already have permission to view the PII through the original platforms.
12. Contact Information
For any inquiries or concerns regarding this policy, please contact our support team at hello@convvo.ai.