Skip to main content

Information Security Policy

WeSalute operates within a complex landscape of regulations and industry standards. Our Information Security Policy is designed to ensure compliance with all applicable laws and best practices. This policy outlines the measures we take to protect sensitive information and maintain the trust placed in us.

People Operations Security

Background Screens

All WeSalute Team Members undergo background checks prior to gaining substantial access to customer data systems. WeSalute may rescind an employee's offer letter if their background check is found to be falsified, erroneous, or misleading.

Security Awareness Training

WeSalute Team Members and contractors are provided training on company's security policies and procedures during their first 30 days of employment and annually thereafter. All WeSalute personnel are then required to acknowledge, electronically, that they have the attended training and understand the security policy.

Security Code Training

WeSalute Team Members and contractors in developer roles are provided with Software Development Life Cycle ("SDLC") / Secure Coding training during their first 30 days of employment and annual thereafter. Software developers are trained in secure coding techniques, including how to avoid common coding vulnerabilities. All such personnel are then required to acknowledge, electronically, that they have attended and understand SDLC and Open Web Application Security Project ("OWASP") Top Ten common coding vulnerabilities.

Acceptable Use Policy

WeSalute's Acceptable Use Policy covers Team Members responsibilities and behavior for using WeSalute systems, including devices, email, internal tools, and social media. WeSalute Team Members must acknowledge in writing that they've read and will abide by the Acceptable Use Policy.

All of WeSalute's security policies, including the Acceptable Use Policy, are presented to new Team Members during onboarding, and all Team Members are required to sign off that they have read all such policies.

Remote Work

WeSalute Team Members who work remotely must follow these rules:

  • All company-provided equipment and any equipment used to perform work must remain in the presence of the WeSalute Team Member or be securely stored.

  • VPN (Cloudflare WARP) must be used for all connections with production infrastructure.

  • All WeSalute's data encryption, production standards, and settings must be followed for company-provided equipment and any equipment used to perform work.

  • The confidentiality, security, and privacy of WeSalute's customers must be preserved by ensuring that no unauthorized individual may view, overhear, or otherwise have access to WeSalute's customer data.

    • To enforce, all WeSalute Team Members are required to use screen protectors or be conscious of "shoulder surfing" when working in public places like a coffee shop, co-working space, or airport. WeSalute Team Members are further required not to teleconference with customers in public areas.

  • All remote work must be performed in a manner consistent with WeSalute's security policies.

Policy Review, Disciplinary, & Responsibility

Disciplinary Action

Team Members who violate any Information Security policies may face disciplinary consequences in proportion to their violation. WeSalute ExecutiveOps will determine how serious a Team Member's offense is and take the appropriate action:

  • For minor violations, Team Members may only receive verbal reprimands.

  • For more serious violations, Team Members may face severe disciplinary actions up to and including termination.

Responsibility

The WeSalute Security Team is responsible for ensuring all Information Security policies are followed.

warning

This Policy currently does not have the required policy footer content standard on WeSalute Policies. This may be intentional by the nature of the content.