best_practices.md

@@ -0,0 +1,8 @@
+# Best Practices Mandate
+
+This document lists the security practices that the Intrusive Thoughts
+Creative Collective requires its members strictly adhere to in order
+to protect ourselves as an organization from external threats.
+
+This document is maintained by the Infrastructure Committee. Any
+change to this document should be announced to the collective body.

constitution.md

@@ -174,14 +174,18 @@ and spread our shared vision of a humane social order.
    IT assets and infrastructure, as well as any physical Collective
    assets.
 
-3. The Infrastructure Committee shall be responsible for provisioning
+3. The Infrastructure Committee shall be responsible for defining the
+   Collective's security practices, and shall document these practices
+   in the [Best Practices Mandate][best-practices].
+
+4. The Infrastructure Committee shall be responsible for provisioning
    and acquiring new IT assets for the Collective as mandated by the
    other committees and/or the collective body.
 
-4. The Infrastructure Committee shall be responsible for assisting all
+5. The Infrastructure Committee shall be responsible for assisting all
    members of the collective body in the use of Collective IT assets.
 
-5. Immediately upon discovery of any instance of unauthorized access
+6. Immediately upon discovery of any instance of unauthorized access
    of any Collective IT asset, the Infrastructure Committee shall
    announce the incident to the collective and subsequently begin the
    process of mitigating damages and advising any affected
@@ -490,7 +494,7 @@ and spread our shared vision of a humane social order.
       amendment with the same text as a previously-rejected amendment
       may be submitted.
 
-
+[best-practices]: best_practices.md
 [business]: business.md
 [coc]: CODE_OF_CONDUCT.md
 [core-infrastructure]: core_infrastructure.md