
Platform – Security Data Protection and Information Security

Information Security

We take a holistic approach to practical information security, meaning every part of the organization participates through technical controls, processes, and awareness. The system was built with a strong focus on security and data protection from day zero, in line with ISO 27001, GDPR, and SOC 2. Additionally, we align with financial industry standards such as MaRisk and the IT outsourcing guidelines.

Mission Statement

HAWK:AI has an extraordinary responsibility for our clients’ data and for the flawless, reliable operation of the critical service we provide to them. It is a matter of trust, our clients’ trust.

Security Awareness & Culture

Security awareness starts with hiring people with a security mindset and includes background checks, regular training for all employees, and constant reminders of current security threats. Security is at the forefront of our daily work.

Information Security Management System (ISMS)

In line with ISO 27001 requirements, we maintain an Information Security Management System (ISMS) to proactively manage risks and review our controls via internal and external audits.

Security Testing (incl. internal/external pen testing)

We constantly challenge ourselves to get better. This includes testing our security regularly with vulnerability scans and penetration tests, and testing that all internal policies are actually implemented.

Secure Coding Practices

Security is embedded in all stages of software development, including four-eyes review of every piece of code and every code change, OWASP training, automated security tests, code scanning, end-to-end tests, and more. We apply these practices to all our code, from backend, frontend, and data science code to our infrastructure code.

Extensive Monitoring and Alerting

Our 24/7 monitoring provides extensive coverage of our cloud services, from the component and hardware level through to the code. Monitoring and alerting focus on both availability and security and enable prompt responses by our on-duty experts, who have the authority to act.

Threat detection

We apply state-of-the-art technology to detect and alert us to intrusions and to abnormal, potentially malicious behavior in our environments.

Data Protection

Identity & Access management

We have established comprehensive identity and access management policies. Our access management policies follow the principle of least privilege. Our primary method of assigning and maintaining consistent access controls and access rights is Role-Based Access Control (RBAC). Supporting controls include, but are not limited to, multi-factor authentication (MFA), system access protected via VPN, a strict password policy, and single sign-on (SSO).

Respecting our clients’ data

By application design, all GDPR-relevant personally identifiable information (PII) is tokenized, stored separately from the rest of the data, and encrypted. Through this separation, the PII data elements on their own do not allow tracing or matching to an individual. Access to the PII needed for a case investigation is secured by a roles-and-rights system, logged with an audit trail, and possible only on an individual-case basis, never through any mass action.
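The separation described above, sketched as an added Python example (not HAWK:AI's own code): PII lives only in a separate vault keyed by a random token, the case record holds just the token, and every reveal is role-checked, bound to one case, and written to an audit trail. The role name `investigator` is an assumption, and encryption at rest of the vault is assumed to come from the storage layer rather than being modelled here.

```python
import secrets
from datetime import datetime, timezone

# Roles permitted to reveal PII during a case investigation (assumed role name).
ALLOWED_ROLES = {"investigator"}


class PiiVault:
    """Separate store for tokenized PII, kept apart from the case data.

    Encryption at rest of this store is assumed to be provided by the
    storage layer and is not modelled here.
    """

    def __init__(self):
        self._pii = {}       # token -> PII fields; never joined with case data in bulk
        self.audit_log = []  # append-only trail of every reveal

    def tokenize(self, pii: dict) -> str:
        # Random token: carries no information about the person, so two records
        # about the same individual cannot be matched through their tokens.
        token = secrets.token_urlsafe(16)
        self._pii[token] = dict(pii)
        return token

    def reveal(self, token: str, *, case_id: str, actor: str, role: str) -> dict:
        """Return the PII for exactly one token, bound to one case and one actor."""
        if role not in ALLOWED_ROLES:
            raise PermissionError(f"role {role!r} may not access PII")
        if not case_id:
            raise PermissionError("PII access must be tied to a specific case")
        self.audit_log.append({
            "ts": datetime.now(timezone.utc).isoformat(),
            "actor": actor, "role": role, "case_id": case_id, "token": token,
        })
        return dict(self._pii[token])
    # Deliberately no reveal_all()/export(): mass access is not offered by the API.


def build_case_record(case_id: str, customer_token: str, amount: float) -> dict:
    """Record as held in the main case store: the token only, no PII fields."""
    return {"case_id": case_id, "customer_token": customer_token, "amount": amount}


if __name__ == "__main__":
    # Constructed sample data, not real customer information.
    vault = PiiVault()
    tok = vault.tokenize({"name": "Jane Doe", "iban": "DE00 0000 0000 0000 0000 00"})
    case = build_case_record("CASE-0001", tok, 12500.0)
    print(case)  # contains the token, never the name or IBAN
    print(vault.reveal(tok, case_id="CASE-0001", actor="alice", role="investigator"))
    print(vault.audit_log)
```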

Certified practices

HAWK:AI follows industry best practices and is GDPR and ISO 27001 certified.

Data Encryption

All data is encrypted in transit and at rest. We use AES on all information systems to ensure the highest standard of encryption. We have deployed HashiCorp Vault to store secrets and manage key rotation.

Firewalls

Our systems are protected by Web Application Firewalls (WAFs), which allow fine-grained control of incoming and outgoing traffic.