Aetas Company, LLC DBA Wambi, LLC (Wambi) maintains a formalized information security policy to comply with various regulatory and business requirements. This security policy protects all sensitive and confidential data stored, accessed, or transmitted by our software platform, including its applications, components, infrastructure, and underlying code.

Wambi has designed a risk assessment program to assess the organization’s enterprise-level risk at least annually or upon significant changes to the environment. This program is designed to identify and assess threats to and vulnerabilities in systems and in service.

Wambi takes responsibility for implementing appropriate technical and organizational safeguards to ensure the protection of sensitive information. Employees of the Company are required to read and accept the terms of a confidentiality agreement upon hire that states they are prohibited from disclosing any company data from the systems and system components to which they have access.

Wambi maintains strict control access to restrict private information to privileged users. These users are required to abide by their assigned responsibilities related to their elevated access. 

Wambi has established a Data Handling, Retention, and Disposal Program to manage information in accordance with applicable laws, regulations, policies, and standards. This program establishes a formal data retention schedule and implements a data classification standard to ensure the confidential data is secured. 

Wambi retains sensitive and confidential data only for as long as necessary to fulfill its purposes unless otherwise required by law or to meet legal and client contractual obligations.

Wambi segments its network to prevent direct or unauthorized connections between an external network and its information systems, in particular confidential data in cloud environments.

Wambi maintains a vulnerability management program to ensure the confidentiality, integrity, and availability (CIA) of the organization’s information systems landscape, which includes all critical system resources. The program includes internal and external scans, penetration testing, and issue remediation for the purposes of identifying, detecting, classifying, prioritizing, remediating, validating, and continuously monitoring vulnerabilities.

Wambi conducts independent third-party penetration tests at least annually on any systems with Confidential data or with a critical risk rating to identify security vulnerabilities.