Information Security Policy Statement

Introduction

To optimize the processes and quality of the organization's output, Web1on1’s business operations must be properly safeguarded and optimized. To achieve this, Web1on1 has set up and implemented a management system in accordance with the requirements of ISO 27001. Central to this is satisfying the expectations of customers and relevant stakeholders and continuously improving the internal organization.

A combination of risk inventories, internal project evaluations, customer satisfaction analyses, laws and regulations compliance checks and internal audits help to identify possible improvements within the processes of our organization. By analyzing information and implementing improvements based on this information, a learning organization where continuous improvement is central. 

The Web1on1 Information Security Policy applies to all business functions within the scope of the Information Security Management System and covers the information, information systems, networks, physical environment and people supporting these business functions.  This document states the Information Security objectives and the Information Security Policy.

Objective

The objective of Information Security is to ensure business continuity and minimize business damage by preventing and minimizing the impact of security incidents.  In particular, information assets must be protected in order to ensure:

  1. Confidentiality - protection against unauthorized disclosure;

  2. Integrity - accuracy and consistency of information;

  3. Availability as and when required in pursuance of Web1on1 business objectives.

Responsibilities

  1. The management has approved this Information Security Policy.

  2. Overall responsibility for Information Security rests with the Security Officer.

  3. Day-to-day responsibility for procedural matters, maintenance and updating of documentation, promotion of security awareness, liaison with external organizations, incident investigation, management reporting etc. rests with the Security Officer.

  4. Day-to-day responsibility and liaison with external organizations for legal compliance including data protection rests with the Security Officer.

  5. All employees and chat agents acting on Web1on1's behalf have a duty to safeguard assets, including locations, hardware, software, systems or information, in their care and to report any suspected breach in security without delay.

  6. The Security Officer is responsible for implementing this Security Policy and for maintaining any of the similarly-related documents within this management system.

  7. As with other considerations including Information Security, aspects are taken into account in all daily activities, processes, plans, projects, contracts and partnerships entered into by the organization.

  8. The organization’s employees are advised and trained on the specific aspects of Information Security, according to the requirements of the organization.  A confidentiality clause is signed by all members of staff as part of their conditions of contract.

  9. Adherence to Information Security procedures as set out in Web1on1 policies and guideline documents is accepted as being part of the standard operating procedures within the organization. Failure to comply will result in disciplinary action being taken.

  10. In view of Web1on1's position as a trusted provider of  CPaaS and Conversations as a Service, particular care is taken in all procedures and by all employees to safeguard the information security and data transfer of its clients.

  11. All statutory and regulatory requirements are met and regularly monitored for changes.

  12. A Business Continuity Plan is in place.  This is maintained, tested and subjected to regular review.

  13. This Information Security Policy is regularly reviewed and may be amended by the Security Officer in order to ensure its continuing viability, applicability and legal compliance, and with a view to achieving continual improvement in the Information Security Systems.

The scope according to the information security management system ISO 27001 is determined as: The development and provisioning of a Communication Platform as a Service and (Automated) Conversations as a Service  

.

On behalf of Web1on1

Joost Rijlaarsdam

CEO

Almere, October 2021