Security Policy

LAST UPDATED: August, 2020

This Security Statement applies to the products and services offered by harmon.ie Corporation and our affiliates (“Harmon.ie”, “we”, “our” or “us”).

harmon.ie values the trust that our customers place in us by letting us act as custodians of their data. We take our responsibility to protect and secure your information seriously and strive for complete transparency around our security practices detailed below. Our Privacy Policy further details the ways we handle your data.

Physical Security

harmon.ie’s information systems and technical infrastructure are hosted within Office 365, Azure, Amazon AWS, Zendesk, Google Cloud, MLAB, Salesforce, and Constant Contact data center cloud services. Local office security includes 24x7 monitoring, cameras, visitor logs, entry requirements, and security guards.

Access Control

Access to Harmon.ie’s technology resources is only permitted through secure connectivity (e.g., VPN, SSH). Our production password policy requires complexity and has an expiration. Harmon.ie grants access on a need-to-know basis under least-privilege rules, reviews permissions quarterly, and revokes access after employee termination.

Security, Vulnerability, Encryption

Harmon.ie maintains and regularly reviews and updates its information security policies.

Security updates and critical patches are applied to servers on a priority basis.

We encrypt your data in transit using secure TLS cryptographic protocols.

Personnel

Harmon.ie conducts background screening at the time of hire (to the extent permitted or facilitated by applicable laws and countries). In addition, Harmon.ie requires new employees to sign non-disclosure agreements.

Development

Our development team employs secure coding techniques and best practices. Developers are formally trained in secure web application development practices upon hire and annually.

Development, testing, and production environments are separated. All changes are peer reviewed and logged for performance, audit, and forensic purposes prior to deployment into the production environment.

Asset Management

Harmon.ie maintains an asset management policy which includes identification, classification, retention, and disposal of information and assets. Company-issued devices are equipped with up-to-date antivirus software.

Information Security Incident Management

Harmon.ie maintains security incident response policies and procedures covering the initial response, investigation, customer notification (no less than as required by applicable law), public communication, and remediation. These policies are reviewed regularly.

Breach Notification

Despite best efforts, no method of transmission over the Internet and no method of electronic storage is perfectly secure. We cannot guarantee absolute security. However, if Harmon.ie learns of a security breach, we will notify affected users so that they can take appropriate protective steps. Our breach notification procedures are consistent with our obligations under applicable country-level, state and federal laws and regulations, as well as any industry rules or standards applicable to us. We are committed to keeping our customers fully informed of any matters relevant to the security of their account and to providing customers all information necessary for them to meet their own regulatory reporting obligations.

Information Security & Business Continuity Management

Harmon.ie’s databases are backed up on a rotating basis of full and incremental backups and verified regularly. Backups are encrypted and stored within the production environment to preserve their confidentiality and integrity and are tested regularly to ensure availability.

Logging and Monitoring

Application and infrastructure system logs are stored and available for troubleshooting, security reviews and analysis by authorized Harmon.ie personnel. Logs are preserved in accordance with regulatory requirements. We will provide customers with reasonable assistance and access to logs in the event of a security incident impacting their account.