HqO Security Practices

Our Approach

Security is an integral component of our business. HqO’s customers and users entrust us with their work-life information, and we aim to process and store that information thoughtfully and intelligently.

We see our data security as a differentiator for us in the marketplace, and we have commitments from all levels of the business to resource it appropriately.

Our Team

Our security team is composed of individuals from our technology, operational, human resources, financial and accounts groups, and almost all of these individuals are representatives of our company’s overall leadership team as well.

We meet weekly, and we have more than twenty ceremonies throughout the year covering a wide array of security-related activities to plan, execute, monitor and react to our data security initiatives.

Our Commitment

Talk is cheap. Here is a list of the certifications and compliances we either have or are pursuing at the time of writing this (Oct 2019).

| Framework | Status | Note |
| SOC 2 | | HqO is SOC-2 Type I compliant as of September 3, 2019. We will be SOC-2 Type II compliant upon the first year anniversary and will maintain SOC-2 compliance thereafter as an annual ceremony. For a copy of our independent auditor’s report, please email us at [email protected] |
| GDPR | | HqO is GDPR compliant as of October 15th, 2019. |
| CCPA | | Although we are not subject to CCPA based on its criteria, HqO will be CCPA compliant on or about October 31, 2019, ahead of its official effective date of January 1, 2020. |
| EU-US, Swiss-US Privacy Shield | | HqO has been accepted to the EU-U.S. and the Swiss-U.S. Privacy Shields on November 5th, 2019. |
| ISO-27001, 27002 | Certification planned for Dec 2019 | HqO has a contractual obligation to be certified for ISO-27001, which includes ISO-27002, by December 31, 2019. There are no impediments for this certification, and we expect to be compliant with both standards by the start of the new year. We have selected ControlCase as our certifier. |

Your Data

We believe that all of our users and customers have rights to their data, regardless of regulatory governance.
You may have the right to:

  • Request access to the personal data we hold about you
  • Request we correct any inaccurate personal data we hold about you
  • Request we delete any personal data we hold about you (“Right to be Forgotten”). We have a process in place to ensure that HqO as well as any sub-processing entity are capable of supporting a user’s right to be forgotten.
  • Restrict the processing of Personal Data we hold about you
  • Object to the processing of Personal Data we hold about you
  • Receive any Personal Data we hold about you in a structured and commonly used machine-readable format or have such Personal Data transmitted to another company.

To make any of these requests, please visit our Request Your Data page to contact us either by email or telephone. To learn more about how we process your data, please go here.

Our Policies

To get a better sense of how our information security management system operates, here’s a list of a subset of our policies:

  • Access Management
  • Incident Command System
  • Infrastructure Change Management
  • Onboarding/Offboarding
  • Risk Management
  • Security Incident Response Plan
  • Software Development Lifecycle
  • Vendor Relationship
  • Vulnerability Management

If you’d like to learn more about a particular policy, please contact us at [email protected].

Learning More