Information Security Policy

Purpose and Scope

This information security policy defines the purpose, principles, objectives and basic rules for information security management.

This document also defines procedures to implement high-level information security protections within Helpwise, including definitions, procedures, responsibilities and performance measures (metrics and reporting mechanisms).

This policy applies to all users of information systems within Helpwise. This typically includes employees and contractors, as well as any external parties that come into contact with systems and information controlled by Helpwise (hereinafter referred to as “users”). This policy must be made readily available to all users.

Background

This policy defines the high-level objectives and implementation instructions for Helpwise’s information security program. It includes Helpwise’s information security objectives and requirements; such objectives and requirements are to be referenced when setting detailed information security policy for other areas of Helpwise. This policy also defines management roles and responsibilities for Helpwise’s Information Security Management System (ISMS). Finally, this policy references all security controls implemented within Helpwise.

  • Confidentiality: a characteristic of information or information systems in which such information or systems are only available to authorized entities.
  • Integrity: a characteristic of information or information systems in which such information or systems may only be changed by authorized entities, and in an approved manner.
  • Availability: a characteristic of information or information systems in which such information or systems can be accessed by authorized entities whenever needed.
  • Information Security: the act of preserving the confidentiality, integrity, and availability of information and information systems.
  • Information Security Management System (ISMS): the overall management process that includes the planning, implementation, maintenance, review, and improvement of information security.

Policy

  1. Managing Information Security
    1. Helpwise’s main objectives for information security include the following:
      1. Reduced risk of data breaches and compromises
      2. Compliance with legal, regulatory, and contractual requirements
      3. Better market image
    2. Helpwise’s objectives for information security are in line with Helpwise’s business objectives, strategy, and plans.
    3. Objectives for individual security controls or groups of controls are proposed by the company management team, including but not limited to the CEO, the CTO, and others as appointed by the CEO; these security controls are approved by the CEO in accordance with the Risk Assessment Policy.
    4. All objectives must be reviewed at least once per year.
    5. The company will measure the fulfillment of all objectives. The measurement will be performed at least once per year. The results must be analyzed, evaluated, and reported to the management team.
  2. Information Security Requirements
    1. This policy and the entire information security program must be compliant with legal and regulatory requirements as well as with contractual obligations relevant to Helpwise.
    2. All employees, contractors, and other individuals subject to Helpwise’s information security policy must read and acknowledge all information security policies.
    3. The process of selecting information security controls and safeguards for Helpwise is defined in our Encryption Policy.
    4. Helpwise prescribes guidelines for remote workers as part of the Remote Access Policy.
    5. To counter the risk of unauthorized access, Helpwise maintains a Data Center Security Policy.
    6. Security requirements for the software development life cycle, including system development, acquisition and maintenance, are defined in the Software Development Lifecycle Policy.
    7. Security requirements for handling information security incidents are defined in the Security Incident Response Policy.
    8. Disaster recovery and business continuity management policy is defined in the Disaster Recovery Policy.
    9. Requirements for information system availability and redundancy are defined in the System Availability Policy.


Last updated: 2nd November 2021