bin-there-done-that/documents/genesishosting/security/security-policy.md

# Security Policy

Genesis Hosting Technologies enforces strict security practices across all infrastructure and services to protect client data and maintain service integrity.

## Core Principles

- Least privilege for all users and services
- Regular audits and patching
- Encrypted communication and storage
- Real-time monitoring and alerting

## Enforcement Areas

- 2FA required for all admin portals
- SSH access limited to key-based logins
- Centralized log collection and review
- All critical assets monitored via Genesis Shield

## Review Cycle

- Policies reviewed quarterly
- Logs retained for 30–90 days depending on system
- Incidents reviewed post-mortem with improvements logged