Information Security Trust Center

Payment Companies
Certifications & Standards

Compliance

ISO

ISO 27001:2013

GDPR Compliant

Information Security Policy

Hawk’s information security policy is central to our mission and vision, embodying a company-wide commitment. It is a strategic priority, endorsed at the highest levels, and essential to achieving our business goals.
 

Controls Trust Center

Organization & Information and Communications Technology (ICT) Controls

Hawk implements robust organizational and ICT controls to manage information security and compliance. These measures exceed regulatory requirements and drive the continuous advancement of our security practices.
 

Business Continuity

Business Continuity Management

Hawk’s Incident, Business Continuity (BC) and Disaster Recovery (DR) Policy is designed to strategically mitigate risks from internal and external events. By integrating these three plans, Hawk ensures seamless support for uninterrupted business operations.
 

Secure Practices

Secure Coding

Security is embedded in all stages of software development, including four-eye reviews of every code change, OWASP training, automated security tests, code scanning, end-to-end tests, and more. Hawk applies these practices to all our code, from backend, frontend, and data science to infrastructure code.

Data Encryption

All data is encrypted both in transit and at rest, resulting in robust protection of your data. Hawk uses Advanced Encryption Standard (AES) for all information systems to ensure fortified encryption. The company has deployed HashiCorp Vault to store secrets and manage key rotation for Personally Identifiable Information (PII), in line with GDPR requirements.

Training and Awareness

Security is everyone’s responsibility at Hawk. This starts when a new employee or contractor joins the company and continues throughout the entire period they are with Hawk. Hawk’s training and awareness program includes onboarding sessions, annual training, regular reminders, and role-based training.

Identity and Access Controls

Hawk’s access management policies follow the “principle of least privilege.” The primary method of assigning and maintaining consistent access controls and rights is Role-Based Access Control (RBAC). This includes, but is not limited to, Multi-Factor Authentication (MFA), VPN-protected system access, a strict password policy, and Single Sign-On (SSO) capabilities.

Monitoring

24/7 monitoring operations provide extensive security coverage of Hawk’s cloud services, from the component and hardware level to code. Monitoring and alerting are focused on aspects of both availability and security, enabling prompt and effective responses from Hawk’s team of on-duty experts.

Incident Management

Hawk incorporates industry best practices for event and incident management. The program is in line with regulatory requirements and standards, such as ISO 27001, ISO 22301 and SOC 2 Type 2.

Threat Detection

Hawk applies state-of-the-art, machine learning-supported technology to detect and stop intrusions and abnormal or potentially malicious behavior in its environments. This enables Hawk’s 24/7 on-duty personnel to provide all necessary information and respond in a timely manner.