title: Risk assessment policy
slug: risk-assessment
policy: true
faq: false
weight: 2

Tailscale reviews risks on a regular basis, to ensure proper mitigations are in place.

Scope

This policy covers any risk that could affect confidentiality, availability, and integrity of Tailscale’s key information assets and systems.

Risk assessments can be conducted on any information system, including applications, servers, and networks, and on any process or procedure by which these systems are administered and/or maintained.

Risk assessment

The Security Review Team is responsible for completing periodic information security risk assessments to determine areas of vulnerability and to identify and initiate appropriate remediations.

A risk register should include:

  • Identification of the risk
  • What mitigations have been put in place
  • Acceptance of the residual risk

The execution, development and implementation of remediation programs is the joint responsibility of the Security Review Team. Employees are expected to cooperate fully with any risk assessment being conducted on systems for which they are held accountable. Employees are further expected to work with the Security Review Team in the development and implementation of a remediation plan.

Schedule

Risks should be evaluated on an annual basis.