Information Security Policy.
Last updated: April 2026.
Governance
B2B Leo maintains a formal information security program owned by leadership and reviewed at least annually. The program aligns with SOC 2 and ISO 27001 control principles.
Risk management
We perform periodic risk assessments to identify, evaluate and treat threats to client data. Findings feed a tracked remediation plan with assigned owners.
Asset and data classification
Information assets are inventoried and classified by sensitivity. Handling, storage and disposal requirements are defined for each classification level.
Access management
Access follows least-privilege with role-based controls, mandatory multi-factor authentication, periodic access reviews and prompt deprovisioning on role change or exit.
Secure operations
Change management, vulnerability management, secure development practices and continuous monitoring are embedded in day-to-day operations.
Business continuity
Backups are encrypted, tested and geographically separated. A documented disaster recovery plan defines recovery objectives and is exercised regularly.
Personnel security
Employees and contractors undergo background checks where permitted, sign confidentiality agreements and complete recurring security awareness training.
Incident management
A formal incident response procedure governs detection, containment, eradication, recovery and post-incident review, including timely client notification.
Contact
To request our security overview or report a concern, contact security@b2bleo.com.
Let's build a pipeline you can actually close.
Tell us your ICP, your goals, and one painful bottleneck. We'll come back with a concrete 30-day plan — no pitch deck, no pressure.