WiseAthena · Public Summary

Information Security Overview

Version 1.0 · 2026

DocumentInformation Security Overview
AudienceClients, prospects and partners
OwnerInformation Security Officer (ISO)
Review frequencyAt least annually
Contact

1. About This Document

This document provides a high-level overview of WiseAthena's Information Security programme. It is intended for external audiences — clients, prospects and partners — who wish to understand our approach to protecting information assets.

WiseAthena is a B2B technology company specialising in data analytics and processing services. Protecting the confidentiality, integrity and availability of information entrusted to us by our clients is a core operational commitment.

2. Security Commitment

WiseAthena's Information Security programme is built on three foundational principles:

ConfidentialitySensitive information assets are accessible only to duly authorised individuals and systems.
IntegrityInformation assets are safeguarded against unauthorised modification or destruction.
AvailabilityAuthorised users have timely and reliable access to information assets.

3. Governance & Organisation

Information security governance at WiseAthena operates across multiple levels of the organisation:

RoleResponsibility
Board of DirectorsOversight, strategic direction and accountability for the security programme
Risk CommitteeSupervises risk management strategy, security governance and policy review
Chief Operations OfficerEstablishes and maintains the information security programme; leads strategy and oversight
Information Security Officer (ISO)Leads day-to-day security operations: policies, risk management, incident response and awareness
All employees & contractorsResponsible for adhering to security policies and reporting incidents and anomalies

Security performance indicators (KPIs) are reported to the Board of Directors at least annually. Key Risk Indicators (KRIs) are reported at least quarterly.

4. Scope of the Security Programme

The Information Security programme applies to all employees, contractors, consultants and any third party accessing WiseAthena's information assets or IT resources. It covers:

  • All IT resources and systems, both on-premise and cloud-based
  • All information and data assets transmitted or stored on company-owned resources
  • Any device connected to company networks or used to access company IT resources
  • Cloud services and third parties that process or store information assets on behalf of the organisation

5. Security Policies & Controls

The programme is governed by a comprehensive, documented and reviewed policy framework. The areas covered include, but are not limited to:

Incident ResponseAccess Control
Data Asset ManagementThird-Party Vendor Management
EncryptionNetwork Security
Security Training & AwarenessRemote Access
Asset ManagementChange Management
Configuration & HardeningBYOD Security
Business Continuity & DRPatch Management
Secure DevelopmentAntivirus & Antimalware
Password ManagementAcceptable Use
Vulnerability ManagementPenetration Testing

6. Key Security Controls

Access Management

Access to information assets is granted based on the principle of least privilege and is reviewed periodically. Remote access requires multi-factor authentication (MFA) with a minimum of two factors, and all remote connections are secured with appropriate encryption.

Risk Management

Information security risks are identified, documented and managed throughout the lifecycle of IT resources. Risks are recorded in a formal Risk Register and escalated to the Risk Committee when they exceed the organisation's defined risk appetite.

Incident Management

A formal Incident Response Policy governs the detection, reporting, handling and mitigation of security incidents. Security events and anomalous activities are monitored and analysed in a timely manner. All personnel are required to report security incidents immediately to .

Business Continuity

Business Continuity and Disaster Recovery plans are developed, maintained and tested at least annually to ensure operational resilience in the event of a disruption.

Vendor Management

Third-party services that process or store information on behalf of the organisation are subject to security oversight, periodic review and compliance validation.

Compliance

Information assets are managed in accordance with all applicable laws, regulations and industry standards. The security programme is reviewed at least annually, and following any significant regulatory change.

7. SOC 2 Alignment

WiseAthena is currently undergoing a SOC 2 audit aligned to the Security Trust Services Criteria (CC series). Our programme has been designed to satisfy the following control categories:

  • CC1 — Control Environment: governance structure, accountability and ethical commitment
  • CC2 — Communication & Information: security policy dissemination and reporting
  • CC3 — Risk Assessment: formal risk identification and treatment
  • CC4 — Monitoring Activities: continuous monitoring and regular reviews
  • CC5 — Control Activities: technical and procedural controls across systems and processes
  • CC6 — Logical & Physical Access: access management, MFA and encryption
  • CC7 — System Operations: incident detection, response and recovery
  • CC8 — Change Management: formal change control processes
  • CC9 — Risk Mitigation: vendor management and business continuity

8. Contact

For questions about WiseAthena's Information Security programme, please contact:

Security enquiries