Our security policy was last updated on March 27, 2023
This security policy outlines the information security framework for Hubtype and its commitment to protect the confidentiality, integrity, and availability of its information assets. The policy applies to all employees, contractors, and third-party vendors who handle or have access to Hubtype's information assets.
Hubtype's security committee is responsible for defining goals and objectives focused on performance evaluation regarding information security and compliance with current legislation regarding information systems, as well as for continuously improving our activities, which are regulated by the management system that develops this policy. Management is responsible for providing the necessary resources and support to implement and maintain the security policy.
Hubtype has established a comprehensive information security policy framework that includes regular risk assessments, implementation of appropriate security controls, incident management, and compliance with relevant regulations and standards.
Hubtype has a formal process for identifying, classifying, and protecting its information assets. This process includes regular review and updates to ensure the ongoing protection of critical information assets.
Hubtype perform security awareness and training programs for all employees and contractors to ensure that they understand their roles and responsibilities in maintaining the confidentiality, integrity, and availability of information assets.
Employees, contractor and vendors of Hubtype must follow a communication process to ensure that information is transmitted securely.
Hubtype has implemented access control processes following the Least Access Privilege approach to ensure minimum permissions and only authorized individuals have access to its information assets. This includes user registration, authentication, and authorization processes.
All components are defined using Infrastructure as Code (IaC) and the source code must be reviewed taking into consideration the confidentiality, integrity and availability of the data before adding the code in production. Hubtype has monitoring of the critical components and alarm systems to make sure an on-call person is notified if any irregularity happens.
All the source code must be reviewed taking into consideration the confidentiality, integrity and availability of the data. It also must follow the coding standards established in Hubtype and pass all the tests. Moreover, we have static analysis set in place and image scanning to detect any vulnerability.
Hubtype use TLSv1.2 to ensure the data security in transit and SHA-256 encryption for the data at rest. We also have resilience by having a second replica of our databases ready to be used and using multi-AZs in our critical components. Daily backups are done to our databases that are deleted after 30 days.
Hubtype has established an incident management process to respond to and report security incidents, including data breaches, network intrusions, and system failures.
Hubtype has a business continuity plan in place to ensure the continuity of business operations in the event of a security breach or disruption.
Hubtype is committed to complying with relevant legal and regulatory requirements, as well as industry standards and best practices, including ISO 27001.
Hubtype will regularly review its security policy to ensure its effectiveness and alignment with organizational needs. This review will be conducted at least annually or as necessary based on changes in the information security environment.