diff --git a/CHANGELOG.md b/CHANGELOG.md
index 01204a3..b31e761 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -4,6 +4,8 @@ This project adheres to [Semantic Versioning](http://semver.org/) and [Keep a ch
 ## [Unreleased](https://github.com/idealista/prom2teams/tree/develop)
+### Added
+- *[#222](https://github.com/idealista/prom2teams/pull/222) Add restrictive security context since the workload doesn't need more permissions to work.* @azman0101
 ## [3.0.0](https://github.com/idealista/prom2teams/tree/3.0.0)
 [Full Changelog](https://github.com/idealista/prom2teams/compare/2.7.0...3.0.0)
diff --git a/helm/templates/NOTES.txt b/helm/templates/NOTES.txt
index c96328b..a94c413 100644
--- a/helm/templates/NOTES.txt
+++ b/helm/templates/NOTES.txt
@@ -1,2 +1,2 @@
-Prom2Teams has been installed. Check its status by running:
- kubectl --namespace {{ .Release.Namespace }} get pods -l "release={{ .Release.Name }}"
+Prom2Teams has been installed. Check its status by running:
+ kubectl --namespace {{ .Release.Namespace }} get pods -l "app.kubernetes.io/instance={{ .Release.Name }}"
diff --git a/helm/templates/deployment.yaml b/helm/templates/deployment.yaml
index 1223040..e7a4d4f 100644
--- a/helm/templates/deployment.yaml
+++ b/helm/templates/deployment.yaml
@@ -37,17 +37,26 @@ spec:
 mountPath: /opt/prom2teams/helmconfig/
 env:
 - name: APP_CONFIG_FILE
- value: {{ .Values.prom2teams.config }}
+ value: {{ .Values.prom2teams.config | quote }}
 - name: PROM2TEAMS_PORT
- value: {{ .Values.prom2teams.port }}
+ value: {{ .Values.prom2teams.port | quote }}
 - name: PROM2TEAMS_HOST
- value: {{ .Values.prom2teams.ip }}
+ value: {{ .Values.prom2teams.ip | quote }}
 - name: PROM2TEAMS_CONNECTOR
- value: {{ .Values.prom2teams.connector }}
+ value: {{ .Values.prom2teams.connector | quote }}
 - name: PROM2TEAMS_GROUP_ALERTS_BY
- value: {{ .Values.prom2teams.group_alerts_by }}
+ value: {{ .Values.prom2teams.group_alerts_by | quote }}
 resources:
 {{- toYaml .Values.resources | nindent 12 }}
+ {{- if .Values.securityContext.enabled }}
+ securityContext:
+ privileged: false
+ readOnlyRootFilesystem: false
+ allowPrivilegeEscalation: false
+ capabilities:
+ drop:
+ - ALL
+ {{- end }}
 {{- with .Values.nodeSelector }}
 nodeSelector:
 {{- toYaml . | nindent 8 }}
@@ -60,3 +69,11 @@ spec:
 tolerations:
 {{- toYaml . | nindent 8 }}
 {{- end }}
+ {{- if .Values.securityContext.enabled }}
+ securityContext:
+ runAsNonRoot: {{ if eq (int .Values.securityContext.runAsUser) 0 }}false{{ else }}true{{ end }}
+ runAsUser: {{ .Values.securityContext.runAsUser }}
+ runAsGroup: {{ .Values.securityContext.runAsGroup }}
+ fsGroup: {{ .Values.securityContext.fsGroup }}
+ {{- end }}
+
diff --git a/helm/values.yaml b/helm/values.yaml
index 9b37e47..c8cf9eb 100644
--- a/helm/values.yaml
+++ b/helm/values.yaml
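Review bot: The container securityContext added in this hunk hardcodes `readOnlyRootFilesystem: false`, while the values.yaml hunk in the same commit ships `securityContext.readOnlyRootFilesystem: true` that no template reads, so the chart defaults advertise a read-only root filesystem that is never applied. Either render the value, `readOnlyRootFilesystem: {{ .Values.securityContext.readOnlyRootFilesystem }}`, or remove it from values.yaml; if the process genuinely needs a writable location, an `emptyDir` mounted on that path keeps the rest of the root read-only. The pod-level block in the second hunk would also benefit from `seccompProfile: { type: RuntimeDefault }`, which `drop: [ALL]` and `allowPrivilegeEscalation: false` do not cover. The enclosing `spec` template starts before this hunk.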
@@ -28,3 +28,16 @@ prom2teams:
 loglevel: INFO
 templatepath: /opt/prom2teams/helmconfig/teams.j2
 config: /opt/prom2teams/helmconfig/config.ini
+
+# Security Context properties
+securityContext:
+ # enabled is a flag to enable Security Context
+ enabled: true
+ # runAsUser is the user ID used to run the container
+ runAsUser: 65534
+ # runAsGroup is the primary group ID used to run all processes within any container of the pod
+ runAsGroup: 65534
+ # fsGroup is the group ID associated with the container
+ fsGroup: 65534
+ # readOnlyRootFilesystem is a flag to enable readOnlyRootFilesystem for the Hazelcast security context
+ readOnlyRootFilesystem: true
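Review bot: The comment on `readOnlyRootFilesystem` refers to "the Hazelcast security context", which looks copied from another chart and does not describe prom2teams; it should read `# readOnlyRootFilesystem mounts the container root filesystem read-only`. The `runAsUser` comment should also warn that the deployment template derives `runAsNonRoot` from this value, so setting it to 0 silently turns the non-root guarantee off: `# runAsUser is the UID the container runs as; 0 disables runAsNonRoot in the pod securityContext`.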