Security Policy

Tupl Information Security Overview

1 Our commitment to information security

Tupl is committed to protecting the confidentiality, integrity, and availability of information entrusted to us by our customers, partners, and employees. Information security is a core component of our operations and is managed through a structured Information Security Management System (ISMS) aligned with internationally recognized standards, including ISO/IEC 27001.

2 Information Security Management System (ISMS)

Tupl has established and maintains an Information Security Management System designed to identify, assess, and manage information security risks in a consistent and systematic manner. The ISMS provides the framework through which security objectives are defined, controls are implemented, and continual improvement is ensured.
Our approach to information security is based on risk management and is integrated into business processes and decision-making across the organization.

3 Scope of information security

Tupl’s ISMS applies to the development and support of software products and related services.
Within this scope, information security covers the information systems that support software development activities and the operation and support of products delivered to customers, both in customer on-premises environments and through Tupl-owned platforms. This includes relevant systems, applications, data, processes, and personnel involved in these activities.

4 Security principles

• Risk-based security management
• Least privilege and need-to-know access
• Secure-by-design and secure-by-default practices
• Compliance with applicable legal, regulatory, and contractual requirements
• Continual improvement of security controls and processes

5 Governance and responsibilities

Information security responsibilities are clearly defined and assigned within the organization. Designated roles are responsible for overseeing the implementation and maintenance of security controls, while senior management retains accountability for information security risk acceptance and overall governance.
This Information Security Overview reflects Tupl’s current information security practices and is periodically reviewed as part of management oversight of the Information Security Management System.
Operations Made Simple
Public

6 Policies and supporting documentation

Tupl maintains a comprehensive set of information security policies, standards, and procedures that support the ISMS, including policies related to IT security, access control, incident management, data protection, and vendor management.
The full Information Security Policy, together with supporting policies and documentation, is available through the Tupl Trust Center. Copies of these documents, or additional information, can be made available to customers and other interested parties upon request to the ISMS Committee (isms.committee@tupl.com), subject to appropriate confidentiality and access controls.

7 Contact and transparency

Tupl values transparency and collaboration with its customers and partners. If you have questions regarding our information security practices or require additional assurance, please contact us through the ISMS Committee (isms.committee@tupl.com) or your usual Tupl contact.

8 Communication and Application of the Information Security Policy

This Information Security Policy Overview shall be communicated to all relevant interested parties following its formal approval.
Top Management shall ensure that adequate resources are made available to establish, implement, maintain, and continually improve the Information Security Management System (ISMS), in accordance with ISO/IEC 27001.
Top Management is accountable for the effective application of this Policy and for ensuring that information security objectives are supported throughout the Organization.
This document is approved by Top Management of Tupl Inc.