Status: Aligned. Wentzel Investments LLC implements controls for SOC 2 Type 2 + ISO/IEC 27001:2022 but has not yet completed third-party audits. We use "Aligned" never "Compliant" or "Certified".

Information Security Policies

The 11 written policies below cover the Wentzel Investments LLC information security program. Canonical versions live in Confluence with formal review cadence, version history, and approval records. Customers under NDA can request a complete policy pack via the customer portal.

Policy	Scope	Source
Information Security Policy	Everyone — root of the policy hierarchy	Confluence `COMP/Policies/information-security`
Acceptable Use Policy	Everyone with access to Wentzel.ai systems	Confluence `COMP/Policies/acceptable-use`
Access Control Policy	IAM, application access, password and MFA rules	Confluence `COMP/Policies/access-control`
Change Management Policy	Production changes, PR gates, deployment	Confluence `COMP/Policies/change-management`
Incident Response Policy	Security and availability incidents	Confluence `COMP/Policies/incident-response`
Data Classification Policy	Data categories, handling rules, retention	Confluence `COMP/Policies/data-classification`
Vendor Management Policy	Onboarding and reviewing third-party services	Confluence `COMP/Policies/vendor-management`
Business Continuity Policy	Operating when normal operation is impaired	Confluence `COMP/Policies/business-continuity`
Disaster Recovery Policy	RTO/RPO, backup, restore	Confluence `COMP/Policies/disaster-recovery`
Security Awareness Training Policy	Training cadence and content	Confluence `COMP/Policies/security-awareness-training`
Privacy Policy	Personal data handling, data subject rights, GDPR/CCPA posture	Confluence `COMP/Policies/privacy`

Review cadence

Each policy is reviewed annually at minimum, plus after any material architecture change. Last-reviewed dates are tracked in the frontmatter of the canonical Confluence page. Material changes propagate to all in-scope repos via the WCB program.