Information Security Policy
- Definitions
- 1. General
- 2. Basic principles of information security
- 3. Organization of information security
- 4. Information security audit
- 5. Continuous improvement of information security
- 6. Ensuring availability and integrity of information
- 7. Password and authentication requirements
- 8. Requirements for working with email and messaging
- 9. Working in customer or partner information systems
- 10. Privacy and protection of personal data
- 11. Remote access to information systems
- Governing law
This Information Security Policy explains how Amberteq Inc. (dba “Softacom”) (hereinafter “Softacom”) protects information and information systems when you use Softacom services, communicate with us (by email, phone, messenger, or any other medium), or otherwise interact with Softacom in a business context.
Softacom is certified to ISO/IEC 27001:2022 and operates an Information Security Management System (“ISMS”). Softacom is responsible for maintaining appropriate organizational and technical measures to protect information against unauthorized access, unlawful processing, accidental loss, destruction, or damage, and to support the confidentiality, integrity, and availability of information.
This Policy is intended for customers and other stakeholders. It is a public document and therefore does not include confidential technical implementation details or customer-specific information. Evidence of implementation (procedures, logs, records) is maintained internally and may be provided to customers under appropriate confidentiality terms.
Softacom may modify this Policy from time to time by publishing an updated version in response to changes in law, contractual obligations, business context, or security standards.
This Policy has been in effect since 02/02/2026.
Definitions
As used in this Policy:
- “Information” means data in any form (electronic, paper, verbal, or otherwise).
- “Information Asset” means information, systems, devices, applications, services, or records that support Softacom operations or customer delivery.
- “Confidential Information” means non-public information that could cause harm to Softacom or its customers if disclosed, altered, or lost (including customer information and business-sensitive data).
- “ISMS” means Softacom’s Information Security Management System aligned to ISO/IEC 27001:2022.
- “Personnel” means Softacom employees and contractors.
- “Information Security Event” means an identified occurrence in a system, service, or process that may affect information security.
- “Information Security Incident” means an event (or series of events) that compromises, or is likely to compromise, confidentiality, integrity, or availability.
- “Customer/Partner Environment” means systems or services operated by customers, partners, or their suppliers where Softacom performs agreed work.
- “Production Systems” means live customer systems used for real business operations and real data processing (not test or non-production environments).
1. General
1.1 Purpose
This Policy describes Softacom’s approach to information security and sets the high-level requirements for protecting Information Assets within the ISMS scope.
1.2 Scope
This Policy applies to Softacom Personnel and to third parties acting on Softacom’s behalf. It covers Information Assets and services within the ISMS scope. This public Policy is supported by internal procedures and standards that provide operational detail.
1.3 Governance and responsibilities
Top management is accountable for information security. The Managing Director performs the role of Information Security Manager (ISM) and coordinates ISMS oversight. All Personnel are responsible for complying with this Policy and applicable internal procedures.
1.4 Compliance and enforcement
Compliance with this Policy is mandatory. Violations may result in corrective actions and, where applicable, disciplinary measures or contract remedies, in accordance with internal processes and applicable law.
1.5 Security contact
For information security inquiries, please use the website contact form. Softacom will route security-related requests to the appropriate internal owner.
1.6 Exceptions
Exceptions to this Policy are permitted only where there is a justified business need. Any exception must be documented, time-bound, and approved by the ISM. Where applicable, risk acceptance and compensating controls are recorded.
1.7 Public policy note
This Policy intentionally excludes confidential implementation details and customer-specific information. Evidence of implementation is maintained internally and may be shared under appropriate confidentiality terms.
2. Basic principles of information security
Softacom manages information security using the following principles:
- Risk-based management: risks are identified, assessed, and treated to an acceptable level.
- Least privilege and need-to-know: access is granted only as required to perform assigned duties.
- Personal accountability: individuals are responsible for protecting the information they handle.
- Defense in depth: layered controls across people, processes, and technology.
- Proportionality: controls are appropriate to risk and contractual commitments.
- Documentation and traceability: key security decisions, approvals, and changes are recorded for review and audit.
3. Organization of information security
Softacom implements administrative, physical, and technical controls to support information security.
Softacom maintains administrative controls such as confidentiality obligations, controlled onboarding/offboarding (including access provisioning and revocation), security training and awareness, supplier security requirements, documented operating procedures, and inventory practices for important Information Assets and records.
Where Softacom controls physical premises, physical access is restricted and managed. For remote work and externally hosted environments, physical and environmental protections are ensured through secure workplace expectations, endpoint controls, and supplier assurance (including contractual commitments and recognized security certifications where appropriate).
Softacom implements technical safeguards appropriate to its operations, including centralized identity and access controls, strong authentication, secure remote access via approved methods, secure configuration and controlled changes, malware protection, backup and recovery, logging and monitoring, and incident management.
All Personnel must promptly report suspected or confirmed Information Security Events through established internal reporting channels. Information security incidents are assessed, responded to, and documented according to Softacom’s incident management process.
4. Information security audit
Softacom plans and conducts internal ISMS audits at least annually. Audit results, identified nonconformities, and corrective actions are documented.
Audits are performed by individuals who are independent from the audited activities to the extent practicable for the size of the organization.
Top management performs ISMS management reviews at planned intervals and decides on actions for improvement, including resource needs and changes.
5. Continuous improvement of information security
Softacom continually improves the suitability, adequacy, and effectiveness of the ISMS. Improvements may be driven by internal audits, monitoring results, incidents and lessons learned, changes in business context, or customer/legal/regulatory requirements.
When nonconformities occur, Softacom performs correction, root cause analysis, corrective action, and effectiveness checks, and retains evidence of closure.
6. Ensuring availability and integrity of information
Softacom applies organizational and technical measures to maintain the availability and integrity of information. This includes backups for critical information and system configurations according to defined requirements and periodic verification of restore capability.
Business continuity and recovery arrangements are reviewed periodically and consider information security requirements.
Access control, change control, and monitoring are used to protect information integrity and detect unauthorized modification.
7. Password and authentication requirements
Softacom requires strong authentication for access to its systems and services. Multi-factor authentication is used where feasible and proportionate to risk.
Where passwords are used, minimum length and complexity requirements apply and are enforced or centrally managed where possible. Passwords must not be shared, reused across systems, or stored insecurely. Passwords must be changed promptly after suspected compromise and periodically as defined by internal standards and system capabilities.
8. Requirements for working with email and messaging
Personnel must follow secure communication practices. This includes exercising caution with unexpected messages, links, and attachments; reporting suspicious messages promptly; and treating requests for credentials or sensitive data as suspicious.
Attachments from unknown or unexpected sources must not be opened. Potentially unsafe active content (such as macros) is disabled by default unless explicitly required and approved.
Confidential information must not be shared through unsecured channels.
9. Working in customer or partner information systems
When working in customer or partner environments, Softacom Personnel follow the customer’s agreed security requirements. If customer requirements are not provided, Softacom’s internal security rules apply by default.
Softacom does not request access to customer Production Systems unless it is required to deliver agreed services and is explicitly authorized by the customer. When production access is granted, it is limited to least privilege, time-bound where possible, monitored, and revoked when no longer needed.
Work is performed using approved environments and accounts, and data handling follows contractual constraints and least privilege.
10. Privacy and protection of personal data
Softacom processes personal data in accordance with applicable laws and contractual requirements. Access to personal data is restricted and limited to authorized purposes.
Personal data is protected against unauthorized access, disclosure, alteration, and loss through administrative and technical controls, including access restrictions, secure transfer practices, and monitoring appropriate to risk.
11. Remote access to information systems
Remote access to Softacom-managed systems is permitted only via company-approved secure channels and configurations managed by authorized personnel.
Access to externally hosted services is protected using centralized identity controls and strong authentication, including multi-factor authentication where feasible.
Personnel must not create unapproved remote access methods, expose administrative interfaces to the public internet, or bypass approved security controls.
Governing law
This Policy shall be governed by and construed in accordance with the laws of the State of Washington, USA. If any provision of this Policy is found invalid or unenforceable, the remaining provisions remain effective.