DATA SECURITY AND INCIDENT RECOVERY 

 

HAAS policies and security practices for cloud-based services, data access, data storage, data transmission, and incident recovery are in alignment with the following National Institute of Standards and Technology (NIST) guidelines:

NIST Special Publication 800-210, General Access Control Guidance for Cloud Systems:
https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-210.pdf
NIST Special Publication 800-209, Security Guidelines for Storage Infrastructure:
https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-209.pdf
NIST Special Publication 800-184, Guide for Cybersecurity Event Recovery:
https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-184.pdf

Administrative, operational, and technical safeguards and practices
In addition to following practices in alignment with the National Institute of Standards and Technology (NIST) guidelines, HAAS will only have access to information that the CLIENT provides directly to HAAS. Information will be used for restricting and granting authorized access to the HAAS Platform video player in conjunction with an information collection form that serves as a virtual gate. Specifically, some of the data submitted by end users, for example email addresses, may be programmatically compared to reference information supplied by the CLIENT for purposes of authentication and allowing users access to the HAAS Platform video player and other restricted content. User information submitted via the form on the HAAS Platform is transmitted via a secure encrypted connection using Transport Layer Security that incorporates Secure Sockets Layer (TLS/SSL) and is saved to secure, encrypted database storage on HAAS secure servers. Data is accessible only to authorized personnel via logged and authenticated user sessions in keeping with security policies and is retained for the duration requested by the CLIENT, after which it will be deleted using secure deletion processes.

 
Access to Protected Information
In addition to following practices in alignment with the National Institute of Standards and Technology (NIST) guidelines, all HAAS contractors and staff undergo background checks and peer review of work and character, and sign non-disclosure agreements that prohibit the discussion or distribution of any materials, projects, or information.

Contractors only have access to sensitive information while using HAAS devices and systems. All contractors sign non-disclosure agreements.
 
Data security and privacy incidents 
In addition to following practices in alignment with the National Institute of Standards and Technology (NIST) guidelines, HAAS regularly audits its systems and work product for data security issues and will notify clients in the event of an unauthorized disclosure or breach.

Data retention
All information received from the CLIENT and its authorized vendors in conjunction with the project, in addition to all end-user information supplied by users via web applications, SaaS, or other means, is retained in encrypted database storage on secure servers. Data is accessible only to authorized HAAS and CLIENT personnel in keeping with security policies and is retained for the duration requested by the CLIENT, after which it will be deleted using secure deletion processes.