wbp equip

Information Security Overview

Last updated: 26/01/2026

Commitment to Information Security

Wellbeing Places Equip Limited ("WBP Equip") recognises that information security is fundamental to trust, resilience, and responsible technology delivery.

The Company applies proportionate information-security practices designed to protect its systems, data, and digital assets against unauthorised access, misuse, or disruption.

Governance and Oversight

Information security is overseen as part of the Company's broader governance, risk, and compliance framework.

Responsibility for security oversight rests with senior management, with escalation mechanisms in place for material risks or incidents.

Security arrangements are reviewed periodically to ensure they remain appropriate to the Company's operations and risk profile.

Risk-Based Security Approach

WBP Equip adopts a risk-based approach to information security. Security measures are designed to reflect:

  • the nature and sensitivity of information handled;
  • the use of technology and third-party services;
  • the potential impact of security incidents; and
  • the evolving threat landscape.

This approach supports proportionate protection without unnecessary complexity.

Access Control and System Protection

The Company applies controls intended to limit access to systems and information to authorised users only. These controls may include:

  • role-based access management;
  • authentication and permission controls;
  • monitoring of access and usage; and
  • secure configuration of systems and environments.

Secure Development and Operations

WBP Equip considers security as part of system design, development, and operation.

This includes attention to:

  • separation of environments where appropriate;
  • secure handling of data during development and testing;
  • change management and version control; and
  • review of third-party components and services.

Third-Party and Supplier Security

Where third-party service providers or technology suppliers are engaged, WBP Equip seeks to ensure that security considerations form part of supplier selection and ongoing oversight.

This may include contractual, technical, or governance measures appropriate to the nature of the service provided.

Incident Awareness and Response

The Company maintains processes to identify, assess, and respond to information-security incidents. These processes are designed to support:

  • timely identification and containment;
  • escalation and management of material incidents; and
  • review and learning to reduce future risk.

Training and Awareness

WBP Equip recognises the importance of human factors in information security.

Reasonable steps are taken to promote awareness of security responsibilities among those involved in the Company's operations.

Transparency and Limitations

This Information Security Overview provides a high-level summary of the Company's approach.

For security reasons, detailed technical controls, architectures, and procedures are not disclosed publicly.

Review

This Overview is reviewed periodically to reflect changes in the Company's activities, risk profile, and the wider security environment.

All revisions must be approved by the Board and recorded in the Policy Register.