Trust
Security & Trust
Contents · 6 sections
Our approach#
Security is part of how we work, not an afterthought. We aim to protect the information entrusted to us with sensible, layered measures, and to build the same care into the software and platforms we deliver for clients. This page summarises our general practices. Specific controls for a particular engagement are agreed with the client.
Protecting data#
- Encryption in transit. Traffic to this website and to systems we operate is protected with industry-standard encryption (HTTPS / TLS).
- Access on a need-to-know basis. Access to systems and data is limited to people who need it for their work, and is removed when no longer required.
- Strong authentication. We use strong credentials and, where supported, multi-factor authentication for the tools we rely on.
- Trusted providers. We host on reputable cloud and service providers and configure them with security in mind.
Building software securely#
When we build for clients, we follow secure-engineering practices appropriate to the project, which may include:
- Code review and version control for changes we make.
- Managing secrets and credentials carefully, never hard-coded in code.
- Keeping dependencies up to date and watching for known vulnerabilities.
- Designing least-privilege access into the systems we deliver.
Our people#
Everyone at HiyaMee Digital is expected to handle client and company information responsibly and is bound by confidentiality obligations. We promote good security habits and keep our team aware of common risks such as phishing and social engineering.
If something goes wrong#
If we become aware of a security incident affecting data we hold or process, we act to contain it, investigate the cause, and notify the people and customers affected as required, in line with applicable law and our Data Processing Addendum.