Last Updated: December 9th, 2024

Policies

In support of the highest standards of security and privacy, Weave has established the following policies which are reviewed on at least an annual basis:

• Information Security and Governance

• Privacy

• Code of Conduct and Acceptable Use

• Asset Management

• Data Classification and Lifecycle Management

• Logical Access

• Vulnerability Management

• Incident Response

• Secure Software Development and Management

• Vendor Risk Management

• Business Continuity and Disaster Recovery

Continuous Security Monitoring

We have currently implemented the following to ensure ongoing maintenance and compliance:

• Cloud Security Posture Management

• Continuous Code Repository Testing and Manual Reviews

• Dynamic Automation and Response

• Endpoint Management and Monitoring

• Application Security Testing

• Ongoing Testing and Monitoring for Availability and Integrity

• Continuous Access and Configuration Reviews

Administrative and Governance Controls

In addition to the technical controls, we have implemented the following administrative and governance controls:

• Assigned individual as the Data Protection Officer / Information Security Leader

• Policy Management

• Vendor Risk Management and Governance

• HR and Contractual Obligation Processes

• Customer Communications and Support Management

• Continuous Risk Assessments (including AI, Security, Fraud, and Operations)