Information Security Policy Statement

Updated 2 weeks ago by Joost R

This policy statement supplements our code of conduct

Introduction

In order to optimise the processes and the quality of the organisation's output, Web1on1’s business operations must be properly safeguarded and optimised. To achieve this, Web1on1 has set up and implemented a management system in accordance with the requirements of ISO 27001. Satisfying the expectations of customers and relevant stakeholders and continuously improving the internal organisation is central to this. 

A combination of risk inventories, internal project evaluations, customer satisfaction analyses, laws and regulations compliance checks and internal audits helps to identify possible improvements within the processes of our organisation. By analysing information and implementing improvements based on this information, we create a learning organisation where continuous improvement is central.

The Web1on1 Information Security Policy applies to all business functions within the scope of the Information Security Management System and covers the information, information systems, networks, physical environment and people supporting these business functions.  This document states the Information Security objectives and the Information Security Policy.

Objective

The objective of Information Security is to ensure business continuity and minimise business damage by preventing and minimising the impact of security incidents.  In particular, information assets must be protected in order to ensure:

  1. Confidentiality i.e. protection against unauthorised disclosure
  2. Integrity i.e. accuracy and consistency of information
  3. Availability as and when required in pursuance of Web1on1 business objectives.

Responsibilities

  1. The management has approved this Information Security Policy.
  2. Overall responsibility for Information Security rests with the Security officer.
  3. Day-to-day responsibility for procedural matters, maintenance and updating of documentation, promotion of security awareness, liaison with external organisations, incident investigation, management reporting etc. rests with the Security officer.
  4. Day-to-day responsibility and liaison with external Organisations for legal compliance including data protection rests with the Security officer.
  5. All Employees and Chat Agents acting on Web1on1's behalf have a duty to safeguard assets, including locations, hardware, software, systems or information, in their care and to report any suspected breach in security without delay.
  6. The Security officer is responsible for implementing this Security Policy and for maintaining any of the similarly related documents within this Management System.
  7. As with other considerations, Information Security aspects are taken into account in all daily activities, processes, plans, projects, contracts and partnerships entered into by the Organisation.
  8. The Organisation’s employees are advised and trained on the specific aspects of Information Security, according to the requirements of the Organisation.  A confidentiality clause is signed by all members of staff as part of their conditions of contract.
  9. Adherence to Information Security procedures as set out in Web1on1 policies and guideline documents is accepted as being part of the standard operating procedures within the organisation. Failure to comply will result in disciplinary action being taken.
  10. In view of Web1on1's position as a trusted provider of global threat intelligence, hunting and response technology, particular care is taken in all procedures and by all employees to safeguard the information security and data transfer of its clients.
  11. All statutory and regulatory requirements are met and regularly monitored for changes.
  12. A Business Continuity Plan is in place.  This is maintained, tested and subjected to regular review.
  13. This Information Security Policy is regularly reviewed and may be amended by the Security officer in order to ensure its continuing viability, applicability and legal compliance, and with a view to achieving continual improvement in the Information Security Systems.

The scope according to the information security management system ISO 27001 is determined as: providing CPaaS (Communication Platform as a Service) and Conversations as a Service.

On behalf of Web1on1

Joost Rijlaarsdam

CEO

Almere, October 2021

