Information Systems Security Policy
This Information Systems Security Policy (ISSP) is a guiding framework established to safeguard the assets, integrity, and operational efficiency of Hantera AB and its subsidiaries.
The scope of this ISSP encompasses all hardware, software, network infrastructure, and human factors within the organization and its subsidiaries. This includes but is not limited to servers, workstations, mobile devices, and personnel who interact with these resources across all business units and geographical locations.
Security Measures
Physical Security: We operate in a remote capacity; as such, physical offices do not exist. However, each remote team member is mandated to secure their computing devices with strong alphanumeric passwords and/or biometric authentication methods. In addition, hardware-supported encryption technologies like BitLocker must be employed.
Network Security: Networks are fortified through the use of Virtual Private Networks (VPNs) whenever feasible. In circumstances where VPN use is not possible, IP address whitelisting is implemented. Firewalls are deployed to mitigate unauthorized access and potential attack vectors.
Application Security: The Hantera platform is orchestrated in containerized and isolated environments on shared hardware infrastructure, employing Kubernetes. The architecture and design conform to industry best practices. To minimize the risk associated with human errors and sensitive information leaks, updates are automatically deployed. Access to systems is restricted through the use of Multi-Factor Authentication (MFA) or passkeys.
Data Security: Data within Hantera’s clusters is encrypted at rest using Linux Unified Key Setup (LUKS) and encrypted in transit via TLS 1.2.
Data Backup: A comprehensive backup strategy is in place that includes daily full backups. Write-Ahead Logs (WAL) are copied at five-minute intervals, allowing data to be restored to any specific point within the last seven days.
Incident Management
This section delineates the procedures to identify, assess, and respond to anomalies and security incidents within our application environment. Monitoring at the infrastructural level is the responsibility of our cloud hosting providers.
Log Monitoring: All application logs are subject to automated analysis to identify unusual or unauthorized activities. Should anomalies be detected, an automated alert is dispatched to the designated security team.
Incident Assessment: Upon receipt of an automated alert, a formal assessment is initiated to determine the nature and extent of the incident. Appropriate mitigation measures are enacted pursuant to this assessment.
Communication with Cloud Providers: In cases where incidents pertain to the infrastructure layer, cloud hosting providers will notify Hantera, and a coordinated response will ensue.
Incident Closure: Upon resolution, a post-mortem analysis is conducted, and findings are integrated into future incident response planning.
Review and Maintenance
Policy Review: This Information Systems Security Policy (ISSP) shall be reviewed annually or as needed in the event of significant organizational or operational changes. The review will be conducted by designated senior management personnel, and any changes must be approved by the executive team.
Compliance Checks: Regular compliance audits will be conducted to ensure adherence to this policy and related procedures. Audit findings will be reported to senior management.
Continuous Improvement: Feedback mechanisms will be in place to collect comments and suggestions from employees and stakeholders. This feedback will be used to refine and enhance the policy and its supporting procedures.
Policy Updates: Any updates or amendments to this policy will be communicated to all personnel in a timely manner. Employees are expected to be aware of and understand the most current version of this policy.
External Reviews: External audits or reviews may be conducted by third parties to validate the integrity and effectiveness of our information security measures.