Purpose
The purpose of this article is to provide detailed information about the security controls and measures we have implemented to protect the Hayylo platform and the data it holds. It also describes our commitment to compliance with industry regulations and standards.
Security Controls and Measures
We have implemented the following security controls and measures to ensure the security of the Hayylo platform and the data it holds:
Regular Backups: We regularly back up all data stored on our platform to ensure its availability in case of any unforeseen events.
Penetration Testing: We conduct regular penetration testing with external vendors to identify vulnerabilities in our platform and address them before they can be exploited.
Data Encryption: All sensitive data stored on our platform is encrypted using industry-standard encryption algorithms. We use 2048-bit RSA encryption for data in motion and AES-256-based encryption for data at rest. This includes client information, user credentials, and other sensitive data.
Access Control: Access to the platform is granted only to authorized personnel and is based on the principle of least privilege. We use strong passwords and two-factor authentication to ensure only authorized users can access our platform.
Regular Updates: We keep our software and systems up to date with the latest security patches and updates to protect against known vulnerabilities.
Disaster Recovery: We have a disaster recovery plan in place to ensure continuity of our services in case of any natural disasters, power outages, or other unforeseen events.
Data Privacy: We comply with all applicable data privacy regulations and ensure that all data collected and processed by our platform is used only for the intended purpose. All data is hosted in our Australian data centres. Further details can be found at: https://hayylo.com/privacy/
Monitoring and Logging: We monitor all user activity on our platform and maintain detailed logs of all access and activity. This allows us to detect and investigate any suspicious or unauthorised activity.
Incident Response: We have an incident response plan in place to handle any security incidents that may occur. All employees are trained on the procedures to follow in case of a security incident.
Secure Development: We follow secure coding practices and conduct regular code reviews to ensure that our software is secure and free from vulnerabilities. We also integrate static application security testing (SAST) tools into our development processes.
Third-party Partners: We only work with third-party vendors who have demonstrated their commitment to information security and data privacy.
Employee Training: We provide regular training to all our employees and contractors on information security best practices and procedures. This includes awareness training on phishing, password security, and other security-related topics.
Don’t Engage in Illegal Activities: We prohibit all employees, contractors, and third-party vendors from engaging in any illegal activities related to our platform or client data.
Internal Compliance: Our organisational security is designed around alignment with best practices such as the ISO 27001 and SOC frameworks. We enforce a stringent Information Security policy for all staff and contractors.
Hosting
The Hayylo platform is hosted on Amazon Web Services (AWS) in the Sydney data centre, which provides us with industry-leading security features and controls. AWS provides us with the following security benefits:
- Physical Security: AWS data centres are highly secure, and access is strictly controlled using multiple layers of security measures, including biometric scanning, surveillance cameras, and security personnel.
- Network Security: AWS provides multiple layers of network security, including firewalls, intrusion detection, and prevention systems.
- Data Encryption: AWS provides multiple options for data encryption, including server-side encryption, client-side encryption, and encryption in transit.
- Compliance: AWS is compliant with multiple industry standards and regulations, including HIPAA, PCI-DSS, and SOC 2.
Data Retention
Hayylo will maintain your data for the life of the subscription. If a subscription is cancelled, your account and all associated data will be archived and no longer available to any users. Only authorised technical staff have access to archived data.
Data will be maintained in archival for 7 years. After this period it will be permanently deleted. Upon cancellation you can request that your data be returned. You can also request that your account and data be permanently deleted.
Reporting Security Incidents
All security incidents, including data breaches, must be reported immediately to our security team via our help desk (support@hayylo.com). We investigate all reported incidents to identify the cause and take the necessary steps to prevent similar incidents from occurring in the future.
Compliance
We are committed to complying with all applicable Australian regulations related to information security to ensure the security and privacy of our clients’ data.
Conclusion
We take information security seriously and are committed to providing a secure and reliable platform to our clients. Our information security measures are continuously monitored and updated to ensure that we provide the highest level of security possible. If you have any questions or concerns about our security policies and practices, please do not hesitate to contact us.