Security & Privacy

Information Security and Privacy Policy

Enterprise Outcomes, Inc. recognizes its responsibility to protect the information it accesses, processes, and manages on behalf of its clients, partners, and internal operations. Safeguarding this information is critical to maintaining trust, ensuring business continuity, and supporting the successful delivery of our services.

All personnel, including employees, contractors, and partners, are expected to understand and adhere to Enterprise Outcomes’ information security and privacy practices.

The leadership team is accountable for ensuring appropriate security measures, governance, and oversight are in place and consistently applied.

Wayne Biernacki
President, Enterprise Outcomes, Inc.

Purpose and Scope

This policy defines Enterprise Outcomes’ commitment to protecting information from unauthorized access, disclosure, alteration, or loss.

It applies to all individuals and third parties with access to Enterprise Outcomes systems or data, regardless of location, and covers all forms of information, including client, operational, and personal data.

Responsibilities

  • All personnel are responsible for protecting information and following security practices

  • Executive leadership ensures appropriate resources, oversight, and accountability

  • Administrative roles support day-to-day coordination and implementation of security practices

  • Partners, suppliers, and contractors are expected to meet comparable security and confidentiality standards

Information Security Principles

Enterprise Outcomes is committed to:

  • Protecting systems and data from unauthorized access

  • Maintaining the confidentiality, integrity, and availability of information

  • Ensuring personnel understand and follow security expectations

  • Reporting and addressing actual or suspected security incidents

  • Identifying and managing risks through appropriate controls

  • Continuously improving security practices based on business needs

Information Privacy Principles

Enterprise Outcomes is committed to responsible handling of personal information:

  • Collecting only the information necessary for legitimate business purposes

  • Using and sharing information only where appropriate and authorized

  • Protecting personal data against unauthorized access or misuse

  • Reporting and addressing potential privacy concerns or breaches

  • Periodically reviewing and updating privacy practices

Controls Overview

Enterprise Outcomes applies practical, risk-based controls aligned to the nature and scale of our engagements:

Access Control
Access to systems and data is restricted based on role and business need. Access is reviewed and adjusted as responsibilities change.

Data Handling & Protection
Sensitive information is handled securely, including controlled storage, transmission, and access. Data is retained only as long as necessary for business or contractual purposes.

Secure Delivery Practices
Client engagements follow structured delivery controls, including defined governance, role clarity, and controlled information sharing across onshore and offshore teams.

Vendor & Partner Management
Third-party providers and offshore resources are expected to adhere to defined security and confidentiality standards consistent with Enterprise Outcomes practices.

Incident Management
Security incidents or suspected breaches are reported, assessed, and addressed in a timely manner, with appropriate escalation and resolution.

Continuous Improvement
Security practices are periodically reviewed and refined based on risk, delivery experience, and evolving business needs.

Commitment

All personnel are required to protect the confidentiality, integrity, and availability of both Enterprise Outcomes and client information.

We treat the information entrusted to us by our clients with the same level of care and responsibility as our own, ensuring it is handled appropriately, securely, and for legitimate business purposes.