HAI complies with industry standards and best practices, such as having our information security systems independently audited annually to validate our practices and ensure compliance.
We use reasonable physical, electronic, and procedural measures to safeguard personal information and company data within our organization against loss, theft, and unauthorized use, disclosure, or modification.
Our security stance will continue to evolve – security is an ongoing journey.
The National Institute of Standards and Technology Cybersecurity Framework (NIST CSF) is a set of guidelines and recommendations that combine industry standards and best practices to help organizations manage their cybersecurity risks. It was developed in 2014 and consists of a framework of policies that describes how an organization can improve its ability to detect, respond to, and prevent a cyber-attack. This framework offers a complete system of methods for detecting and managing cyber risks.
HAI has adopted this framework and audits its practices annually to measure its compliance with the standard’s requirements. We consistently maintain a strong scoring result.
We employ a Defense-in-Depth (DiD) methodology to maintain our security posture with multiple redundant fail-safes. NIST defines DiD as:
“an [i]nformation security strategy integrating people, technology, and operations capabilities to establish variable barriers across multiple layers and missions of the organization.”
HAI is adopting multi-factor authentication (MFA) technology to verify a user’s valid access to our system. From Wikipedia: Multi-factor authentication is an electronic authentication method in which a user is granted access to a website or application only after successfully presenting two or more pieces of evidence to an authentication mechanism.
More information on MFA is available from NIST at https://www.nist.gov/itl/smallbusinesscyber/guidance-topic/multi-factor-authentication.
HAI is audited annually by a third party to determine its level of compliance with NIST CSF. The audit results are shared with our Board of Directors in order to provide transparency and drive continuous business improvement in this area.
HAI provides ongoing cybersecurity training to its staff to keep us current with the latest threats and to embed cybersecurity best practices into our cultural DNA.
You can proactively and voluntarily change your username/password frequently, and we recommend you do so at least once per year.
Security is our collective responsibility! Please follow the cybersecurity policies your company has established.
HAI does not require you to change your password frequently, because of the security strength provided by our password complexity and length requirements and our increasing use of multi-factor authentication. This is in accordance with newer NIST standards and evolving industry best practices.
Please notify HAI staff as soon as you know the date when you no longer require system access so we can retire your credentials.
Yes, upon receipt of your request and after you have signed and returned HAI’s Non-Disclosure Agreement (NDA), we will send you a copy of the summary risk assessment.
Once you have signed and returned HAI’s NDA, we can provide you with additional details regarding our security measures, the cybersecurity insurance we carry, how we manage systems and staff in relation to cybersecurity, and more.