At Hahn, information security and data integrity are a priority. We take seriously the obligation to ensure that our client’s and business partner’s information assets are protected and secure. Hahn’s information security program is integrated into the fabric of our company culture and is focused on exceeding industry best practices.
Hahn undergoes quarterly cybersecurity reviews with Silent Quadrant to ensure that the proper security controls are in place and operating effectively. Our information security program is built upon the Silent Quadrant Cybersecurity Framework, which exceeds NIST standards, and addresses the following elements.
Cybersecurity is a core value and integrated into company strategy. To reduce risk and improve resilience, team members understand the critical roles they play in protecting the organization, its clients and business partners. A security-first culture helps make security best practices instinctual.
Visibility and Control
Visibility is the foundation of sound cybersecurity. Hahn maintains insight into all physical devices, applications, and data. Protection is tailored to each class of assets and client requirements. Physical and system access is restricted based on the principle of least privilege, and access is monitored for anomalies or failures, and reviewed for compliance.
Vulnerability and Remediation
Hahn evaluates, manages, and mitigates against threats to its networks and systems. We ensure that systems and software are properly patched, and vulnerabilities remediated. Our servers are protected by advanced firewall systems and testing is performed regularly. Sensitive information is encrypted, and secure design is central to software and systems development.
Backup and Protection
Information assets are backed up and protected consistent with our cybersecurity and business continuity policies. Hahn uses continuous intrusion detection and prevention systems to guard against known threats, and unusual or malicious network traffic. All services have rapid failover with complete backups performed at scheduled intervals.
Incident Response and Training
Hahn’s cybersecurity program and disaster recovery plan is built on resilience and minimizing downtime in the event of a natural or cyber event. Our people are the human firewall and are trained on how to recognize and respond to threats. All personnel review and acknowledge a confidentiality agreement prior to starting work, and annually thereafter.
Third-Party Risk Management
Cyberthreats can arise anywhere along the supply chain, therefore, supply chain risk management is integrated into our cybersecurity program. Hahn classifies third parties according to risk, conducts assessments, and holds accountable third parties to meeting cybersecurity requirements consistent with responsibilities.
Technology alone does not foster collaboration, eliminate siloes, or elevate performance – people do. Hahn encourages our team to embrace new ways of working and develop their skills. Building digital acumen is essential across the organization to realize the true potential of digitalization.