Resource library

Oct 2025

Jan 2025

No description available.

No description available.

Certified March 12, 2026

Jul 2025

Defines ethical standards and acceptable behaviour for all employees, promoting integrity, professionalism, and respect in internal operations and external interactions.

Outlines the organization's approach to protecting data and systems through administrative, technical, and physical safeguards aligned with compliance standards.

Provides guidance for identifying, classifying, and protecting company-owned assets, ensuring they are tracked, maintained, and security handled throughout their lifecycle.

Defines how data is classified, stored, accessed, and retained to ensure accuracy, confidentiality, and regulatory compliance across business operations.

Describes how user access to systems and data is provisioned, reviewed, and revoked based on roles and business needs, following the principle of least privilege.

Details the process for identifying, assessing, and remediating security vulnerabilities to reduce risk across infrastructure, systems, and applications.

Outlines how the organization detects, reports, investigates, and responds to security incidents to minimize impact and support recovery and compliance obligations.

Covers secure development practices, version control, and deployment standards to ensure software is securely developed, tested, and maintained throughout its lifecycle.

Defines how vendors are assessed, onboarded, and monitored for security and compliance risks, ensuring appropriate controls are in place for third-party access to data or systems.

Establishes plans for maintaining operations during outages or crises, and outlines recovery procedures to restore systems and services with minimal disruption.

This policy and associated guidance establish the roles and responsibilities within Weave, which is critical for effective communication of information security policies and standards.

Defines actions to address Weave information security risks and opportunities. To define a plan for the achievement of information security and privacy objectives.

Ensures that employees and contractors meet security requirements, understand their responsibilities, and are suitable for their roles.

Explains how personal and sensitive data is collected, used, shared, and protected in accordance with relevant privacy regulations like GDPR, HIPAA, CRPA, CCPA, and other applicable privacy legislations.