Overview

At Masterpoint, we recognize that our clients entrust us with sensitive systems and information. Security is fundamental to our work, and we maintain strict operational practices to safeguard both our internal environment and client engagements.

This document outlines our baseline security and device operation standards. These standards are reviewed annually and updated as needed to meet evolving client, contractual, and regulatory requirements.

Personnel Security

• Background Checks: Conducted as required by client engagements.
• Annual Training: All team members review Masterpoint’s security standards at least once per year.

Security Awareness

• Phishing Awareness: All staff complete phishing awareness training and are required to follow best practices to identify and avoid phishing attempts.
• Ongoing Vigilance: Masterpoint maintains a culture of proactive awareness around social engineering threats.

Access and Credential Management

• Password Standards: All account credentials are generated with strong, randomized passwords of at least 16 characters.
• Secret Storage: Masterpoint uses 1Password as the centralized system for storing and sharing credentials securely.
• Sharing Protocols: Secrets are never transmitted in plaintext. All sharing is done via secure 1Password links.

Device Security

• Auto-Lock: Devices automatically lock after 10 minutes of inactivity.
• Software Integrity: Company devices are free from pirated or unlicensed software.
• Updates: Operating systems, browsers, and critical applications are updated monthly with the latest security patches.
• Disk Encryption: All company devices employ full-disk encryption (e.g., FileVault on macOS).

Endpoint Protection