Weave is committed to information security practices, safeguarding data through stringent policies, continuous assessments, and dynamic response strategies.

Key Security Initiatives

Information Security Policy

  • Established policy covering data protection and risk management.
  • Approved by management, communicated through mandatory training, and available on our internal portal.
  • Regularly reviewed and updated annually.

Employee Training

  • Mandatory annual security and privacy training for all personnel that covers key topics relevant to best practices and data protection.
  • Regular phishing tests and follow-up training and awareness.
  • Training content regularly updated to reflect the latest security trends.

Data Protection

  • Data in transit protected using TLS 1.2 encryption protocol or better.
  • Data at rest secured with AES-256 encryption or better.

Access Control

  • Implementation of least privilege and separation of duties.
  • Ensures employees have access only to necessary resources, minimizing unauthorized access risks.
  • Automatic onboarding and offboarding of access to key systems.

Security Assessments

  • Routine security assessments, including vulnerability scans and penetration tests performed by outside vendors.
  • Proactively identifies and mitigates potential security vulnerabilities.

Incident Response

  • Comprehensive incident response plan.
  • Regularly reviewed, tested, and updated to account for emerging threats.
  • Quarterly tabletop exercises performed to stress test the plan.

Audit Logs

  • Utilized to monitor access and changes, ensuring accountability.
  • Protected against tampering, ensuring their integrity and reliability.

Risk Management

  • Formal process for evaluating and categorizing risks using frameworks like NIST.
  • Involves key stakeholders in continuous improvement of security policies and controls.

Inventory Management

  • Formal processes for inventory management of physical devices and software applications.
  • Regular audits to verify asset security and accountability.

Secure Development

  • Adheres to industry-standard security guidelines throughout the software development lifecycle.
  • Includes regular code reviews, security testing, and compliance checks.
  • Annual secure code training required for all developers.