
SECURITY POLICY


Introduction

ht+a takes our users’ security concerns seriously. We strive to ensure that user data is kept securely and that we collect only as much personal data as is required to provide our services to users efficiently and effectively. This Security Policy is intended to inform and reassure you about our IT infrastructure and practices.
 
The Terms & Conditions & Privacy Policy apply to this Security Policy, including any defined terms used herein.

Internal Policies

ht+a has an internal security policy with which all employees, contractors and suppliers are required to comply. All policies are compiled, reviewed and updated by the technology and management team. The internal security policy covers information classification, information handling, physical security, HR-related policies, system and network security, acceptable use, account deactivation, encryption and confidentiality requirements.
 
ht+a also has its own Risk Assessment Policy, which covers threat identification, vulnerability assessment, risk analysis and risk treatment.
 
Both policies require annual sign-off and exception approval by the senior management team.

User Security

Authentication

  • Data access throughout our system is limited and segregated by role-based access control (RBAC). System administrator accounts are further secured through two-factor authentication (2FA). User accounts have unique usernames and passwords. ht+a issues session cookies only to record encrypted authentication information for the duration of a specific session.


Passwords

  • User application passwords have minimum complexity requirements. Passwords are individually salted and hashed.


Data Encryption

  • Data in our systems is encrypted at rest and in transit.

Privacy

  • Our comprehensive Privacy Policy provides a very transparent view of how we handle your data, including how we use it, who we share it with, and how long we retain it.


Data Residency

  • System data, personal data, client data and response data are all stored securely in cloud systems.


Network Security

Access Control

  • Two-factor authentication (2FA) and role-based access are enforced for systems management by authorized staff.


Encryption in Transit

  • Data between endpoints in our system is encrypted through SSL/TLS solutions.


File Sharing

  • We share files with clients through secure cloud-based solutions.

 
Vulnerability Management

Patching

  • The latest security patches are applied to all operating systems, applications, and network infrastructure to mitigate vulnerability exposure.


Organizational & Administrative Security

Information Security Policies

  • We maintain internal information security policies, including breach and incident response plans, and regularly review and update them.


Employee Screening

  • We perform background screening on all employees, to the extent possible within local laws.


Training

  • We provide security and technology use training for employees.


Service Providers

  • We screen our service providers and bind them under contract to appropriate confidentiality, data protection and security obligations.


Access

  • Access controls to sensitive data in our databases, systems, and environments are set on a need-to-know / least privilege necessary basis.


Audit Logging

  • We maintain and monitor audit logs on our services and systems.

 
Software Development Practices

Coding Practices

  • Our engineers use best practices and industry-standard secure coding guidelines.


Deployment

  • We deploy code frequently, giving us the ability to react quickly in the event a bug or vulnerability is discovered within our systems.

 
Handling of Security Breaches
 
Despite best efforts, no method of transmission over the Internet and no method of electronic storage is perfectly secure. We cannot guarantee absolute security. However, if ht+a learns of a security breach, we will notify affected users within 72 hours so that they can take appropriate protective steps and, where required, notify the regulatory authorities within specified periods. Our breach notification procedures are consistent with our obligations under relevant laws and regulations, as well as any industry rules or standards that we adhere to. Notification procedures include providing email notices and posting a notice on our website if a breach occurs.
 
Your Responsibilities
 
Keeping your data secure also depends on ensuring that you maintain the security of your account by using sufficiently complicated passwords and storing them safely. You should also ensure that you have sufficient security on your systems, to keep any data you download to your computer away from prying eyes. We offer SSL to secure the transmission of data.
 
Further Security Questions
 
Any further security questions or security forms can be addressed to enquiries@ht-a.solutions

In cases of translated versions of this policy, the ENGLISH version shall prevail.

LAST UPDATED: 27 February 2024



 
