Introduction

This policy outlines the operational controls and procedures that MailSlurp employs to ensure secure, compliant, and efficient management of our SaaS environment. It covers the key areas of operations, access restrictions, data loss prevention, email and web filtering, backup processes, system hardening, workload security, and logging, all of which are reviewed and approved annually by management.

1. Operations Policy and Procedures

Our comprehensive operations management policy and supporting procedures are reviewed and approved by executive management at least every 12 months. These documents cover system administration, change management, incident response, and overall operational security. Detailed copies of these documents are maintained internally and are available for audit upon request.

2. Access Restrictions for Public/External Email and File Sharing

MailSlurp prohibits employees and contractors from accessing public or external email servers and file-sharing services (e.g., Dropbox). All communication must be conducted via approved corporate systems to prevent data leakage and ensure consistent monitoring and control.

3. Data Loss Prevention (DLP)

A robust Data Loss Prevention tool is in place to monitor and block the transmission of confidential or personal information via email. This solution is integrated with our email systems to enforce policies that prevent unauthorized external sharing of sensitive data.

4. Email Filtering Controls

Email filtering controls are enabled across all corporate email systems. These controls block spam, phishing attempts, and malware, ensuring that only legitimate and secure emails reach our users.

5. Web Filtering

Our web filtering tool prevents users from accessing harmful categories, including:

  • Webmail/Storage sites (external)
  • Known malicious sites

No exceptions are permitted, and the system is configured to block all such content based on continuously updated threat intelligence.

6. Prohibition of Email Auto-Forwarding

MailSlurp strictly prohibits auto-forwarding of emails through both automatic and manual email rules. This prevents the accidental leakage of sensitive information to external email accounts, chat rooms, user groups, or blogs.

7. Data Backup Procedures

Our data backup procedures are reviewed and approved on an annual basis by management. These procedures ensure that all critical data is backed up regularly, stored securely, and maintained in accordance with our data retention policies.

8. Types of Backups

MailSlurp performs both full and incremental backups:

  • Full Backups: Complete snapshots of all critical data are taken periodically.
  • Incremental Backups: Changes since the last backup are captured to minimize recovery time.

Differential backups are not part of our current strategy.

9. Backup Testing Frequency

Backups are tested on a monthly basis to ensure data integrity and verify that restoration processes function as expected.

10. Backup Device Encryption

All devices used for backups—including hard drives, USB devices, and backup tapes—are encrypted to protect data against unauthorized access in the event of loss or theft.

11. Backup Frequency

Backups are performed on a weekly schedule to ensure that data loss is minimized and recovery points are current.

12. Backup Retention Period

Backups are retained for a period of 12 months to comply with regulatory requirements and support effective data recovery.

13. Security Standards for Server/Network Operating Systems

MailSlurp adheres to established security standards for all server and network operating systems. We follow industry-recognized guidelines, including:

  • CIS Benchmarks
  • Vendor-specific security guidelines

These standards ensure that all operating systems, network devices, and databases are configured securely and kept up to date.

14. System Hardening Procedures

Prior to deployment, all systems undergo a comprehensive hardening process. This includes:

  • Removing unnecessary services and software
  • Applying the latest security patches
  • Enforcing strict configuration standards

These procedures are documented, tested, and verified as part of our deployment checklist.

15. Content Filtering Proxy for Internal Systems

All internal systems are required to route Internet access through a content filtering proxy. This ensures that outgoing traffic is scanned for malicious content and prevents access to risky websites.

16. Securing Workloads

To secure workloads across all environments, MailSlurp employs multiple best practices:

  • A robust configuration management process is in place.
  • We adhere to CIS benchmarking and manufacturer guidelines.
  • Builds are independently assessed for security vulnerabilities.

No additional measures are omitted; all relevant practices are actively implemented.

17. Security Information and Event Management (SIEM)

A SIEM system is deployed to capture, aggregate, and analyze security logs from all assets, including virtual machines, appliances, and firewalls. This facilitates real-time threat detection and supports thorough incident investigations.

18. End User Device Logging

All end-user device operating systems and application logs are configured to provide detailed information, including:

  • Successful and failed login attempts
  • Changes to sensitive configuration settings

These logs are maintained and reviewed regularly to support effective incident response and compliance with regulatory requirements.

Conclusion

MailSlurp’s Operations Management Policy is designed to meet rigorous compliance standards for enterprise SaaS. Through strict access controls, data protection measures, comprehensive backup procedures, system hardening, and proactive logging and monitoring, we ensure a secure and resilient operating environment. All procedures are reviewed and approved on an annual basis by management to maintain our commitment to best practices and regulatory compliance.