Security Policy

This policy covers public portal pages, CMS modules, identity and access controls, event logging, communication channels and operational monitoring.

• Role-based access control and least-privilege model.
• MFA support and session timeout controls.
• Audit logs for sign-in, administrative actions and configuration changes.
• TLS-protected transport and secure e-mail configuration (including optional PGP support).
• Operational monitoring for suspicious activity and anomaly detection.

Security events are recorded and investigated in system logs and security dashboards. Users must protect credentials, use trusted devices and report suspicious activity without delay.