Security & Compliance

Enableworks Information Security Policy

1. Purpose

This Information Security Policy establishes the principles and responsibilities for protecting Enableworks’ data, systems, and services from unauthorized access, disclosure, alteration, or destruction. It supports our commitment to confidentiality, integrity, and availability of information assets.

2. Scope

This policy applies to:

• All employees, contractors, and third-party partners of Enableworks.

• All information assets, including client data, internal documentation, systems, and devices.

• All forms of data storage and transmission, whether digital or physical.
  
  

3. Roles & Responsibilities

• Managing Partners: Own overall responsibility for information security oversight and risk management.

• Employees & Contractors: Required to follow security policies and report any suspected security incidents.

• Third Parties: Must adhere to security requirements outlined in contracts or NDAs.
  
  

4. Data Classification & Handling

Enableworks classifies information into the following categories:

• Confidential: Client data, contracts, proprietary business documents.

• Internal: Operational documents, internal communications.

• Public: Marketing materials, website content.
  
  

Handling Requirements:

• Access to confidential and internal data is based on the principle of least privilege.

• Use of personal devices for work purposes requires endpoint protection and access controls.
  
  

5. Access Control

• User access is granted based on role and reviewed quarterly.

• MFA (multi-factor authentication) is required for all critical systems and data access.

• Access to systems is revoked immediately upon employee or contractor offboarding.
  
  

6. Physical & Device Security

• Company-issued and BYOD devices must be password protected and set to auto-lock.

• Lost or stolen devices must be reported immediately.
  
  

7. Third-Party & Client Data Security

• We uphold contractual and legal obligations to protect client data.

• All client data is stored in secure, access-controlled environments.

• We do not share client data externally unless explicitly authorized in writing.
  
  

8. Incident Response

• All employees must report actual or suspected security incidents immediately.

• Enableworks maintains an incident response process including investigation, resolution, and notification if required.
  
  

9. Security Awareness & Training

• All team members receive security onboarding and annual refresher training.

• Periodic updates are shared about emerging risks, phishing attempts, and best practices.
  
  

10. Policy Review & Updates

This policy is reviewed annually and updated as needed to address evolving risks, business changes, or regulatory requirements.

Contact
For questions or to report a security issue, contact: team@enableworks.com