InfoSec Policy

Purpose and scope#

Wenable builds and operates enterprise software, managed services, AI-assisted workflows, mobile-device platforms, ERP services, and engineering engagements. This policy applies to Wenable personnel, contractors, systems, customer engagements, and operational practices that handle corporate or customer information.

Security objectives#

• Protect confidentiality of corporate and customer information against internal, external, deliberate, and accidental threats.
• Preserve integrity and availability of information through effective tools, processes, monitoring, and review.
• Integrate risk management into organizational strategy, product delivery, operational planning, and supplier selection.
• Build risk-based thinking into work culture through training, awareness, and accountable ownership.
• Maintain business continuity measures for products, services, and customer-support operations.
• Continually improve information security controls using best practices, technology, audits, and lessons learned.

Control areas#

• Identity and access controls for systems, repositories, cloud services, admin consoles, and customer environments.
• Secure handling of customer data, source code, logs, prompts, outputs, credentials, and support artifacts.
• Audit trails and review points for production operations, AI workflows, administrative changes, and customer-impacting actions.
• Secure software delivery practices, including review, testing, dependency awareness, configuration discipline, and separation of environments where appropriate.
• Monitoring, alerting, backup, incident response, and business continuity practices designed to reduce downtime and data risk.
• Vendor and subprocessors review for services that support hosting, analytics, communications, security, AI, and customer delivery.

AI and automation security#

AI-assisted systems add new risks around data exposure, prompt injection, unsafe tool use, hallucination, and automation drift. Wenable designs these systems with access boundaries, logging, evaluation, human approval, and monitoring where appropriate for the engagement.

Customers remain responsible for approving policies, automations, and outputs before applying them to regulated, safety-sensitive, financial, legal, employment, or other consequential workflows unless a separate agreement defines a different control model.

People and awareness#

Wenable personnel are expected to understand the importance of information security, follow approved procedures, protect credentials, report concerns, and handle customer information with care. Awareness is reinforced through work practices, review processes, and management oversight.

Continuity and incident response#

Wenable maintains continuity and incident-response practices intended to detect, evaluate, contain, communicate, and recover from security or availability events. The specific obligations, timelines, and notices for a customer engagement may be defined in the applicable agreement.

Certification and continual improvement#

The public Wenable site references ISO/IEC 27001:2013 and ISO 9001:2015 certifications, audited by SGS and accredited by UKAS. Certification scope, customer commitments, and contractual control requirements should be confirmed in the applicable sales or security review process.

Wenable reviews security posture through operational learning, customer requirements, delivery retrospectives, audits, risk reviews, and technology changes.