Information Security Policy Statement
At Harvest, we build relationships with our clients based on a foundation of trust and integrity. This means that we take the security and protection of our client’s sensitive and confidential information very seriously. To this end we have established a number of Privacy and Information & Communications Technology (ICT) Policies intended to continuously safeguard the security and integrity of our clients’ confidential information.
Information Security Initiatives
In order to best protect our clients’ sensitive and confidential data, we have implemented information security systems and processes based on the ISO/IEC 27001 Data Security Standard, including:
- Securing connections into and out of our ICT infrastructure via SSL using 256-bit AES encryption.
- Implementing network security measures including firewall and anti-malware systems.
- Physical security measures including restricted access to infrastructure hardware.
- Monitoring our systems and infrastructure for intrusions and vulnerabilities.
- Selecting service providers that have demonstrated a proven capability to protect confidential information in accordance with our standards as well as relevant legal and regulatory requirements. This includes putting in place contractual agreements requiring that such standards are maintained.
- Maintaining and reviewing internal policies, procedures and practices to ensure they keep up with the changing nature of threats and vulnerabilities.
- Providing relevant training to our employees on security best practice and compliance with our internal policies and procedures.
- Limiting and controlling access to confidential information and business systems on a need to know basis.
- State of the art backup, redundancy and disaster recovery systems in place.
Policy Governance
This policy is governed by our suite of internal Information & Communications Technology (ICT) Policies in conjunction with our Privacy Policy.