Security
Security.
By Design.
By Design.
Hook is committed to the highest level of security, keeping your data fully protected at all times.
SOC 2 certified
Hook is SOC 2 Type 2 certified, and we have successfully completed our Type 2 audit.
We will continue to perform regular SOC 2 audits conducted by an independent, third-party auditing firm. Contact us to request the latest copy of our SOC 2 Type 2 audit report.
We will continue to perform regular SOC 2 audits conducted by an independent, third-party auditing firm. Contact us to request the latest copy of our SOC 2 Type 2 audit report.
GDPR Compliant
Hook is commited to compliance with the General Data Protection Regulation (GDPR), which went into effect May 25, 2018.
Please contact us to discuss Hook’s approach to GDPR and Trust.
Please contact us to discuss Hook’s approach to GDPR and Trust.
Committed to your security
As a data focused company, we take security issues very seriously. If you believe you’ve found a security vulnerability please report this to [email protected] and we will work with you to investigate the issue.
Security practices & processes
Every new team member undergoes a background check and signs an NDA prior to joining the team, and undergoes security training right after joining.
Access to all sensitive services is protected with strong password requirements and two-factor authentication (where possible).
Access to data is further restricted according to the principles of least privilege and role-based permissions: team members are only authorised to access data that they reasonably must handle in order to fulfil their current job responsibilities.
Our approved password manager is required, to generate, store, and enter unique and complex passwords to avoid password reuse, phishing, and other password-related risks.
We leverage automatic security vulnerability detection tools to alert us if/when security issues arise in the software packages we use. We apply fixes and deploy them as quickly as possible.
Access to all sensitive services is protected with strong password requirements and two-factor authentication (where possible).
Access to data is further restricted according to the principles of least privilege and role-based permissions: team members are only authorised to access data that they reasonably must handle in order to fulfil their current job responsibilities.
Our approved password manager is required, to generate, store, and enter unique and complex passwords to avoid password reuse, phishing, and other password-related risks.
We leverage automatic security vulnerability detection tools to alert us if/when security issues arise in the software packages we use. We apply fixes and deploy them as quickly as possible.
Questions? Let’s talk.
Get in touch