The core of the Hyper Anna business involves dealing with sensitive client data.
From day one, we built our product and designed our business processes and Software Development Lifecycle with security and risk in mind.
We have carefully selected controls from ISO/IEC 27002 and software development best practice as a guideline for building our internal policies, processes, risk management and information security controls. Our policies cover both internal organisation and data security.
Internal policies and procedures
With respect to our internal protocols, we have roles and responsibilities defined for information security, segregated across roles and individuals to avoid conflicts of interest and prevent inappropriate activities. We have human resource policies and background checks for sensitive roles. We conduct security training for all new employees, and a formal disciplinary process is in place to handle information security incidents allegedly caused by staff.
We employ mobile device and teleworking policies and controls covering laptops, tablet PCs, smartphones and removable media. We have strict access controls to manage the allocation of access rights to users, from initial user registration through to removal of access rights when no longer required. Information access is restricted in accordance with the access control policy and to the minimum required privileges. All client data is encrypted both at rest and in transit. If our clients have data sovereignty requirements, we ensure their data is stored in the required geographical region.
Our physical and environmental security policies are strictly followed for our development environment. For our customer data we employ Microsoft's cloud solution, Azure, which is accredited, reputable and industry renowned for its approach to data security.
We have implemented policies around operations security, such as IT operating responsibilities and procedures, backups, logging and monitoring, technical vulnerability management and information systems audit considerations.
We constantly review our business continuity management at the board level, and information security continuity and redundancies at all the levels below.
We identify and document our obligations to external authorities and other third parties in relation to information security, including intellectual property, business records, privacy/personally identifiable information and cryptography. We also conduct external and independent security reviews to enhance our security and to assure our customers that the highest security standards are utilised and met.
If you have any questions, please contact us at firstname.lastname@example.org.