Security
Harbr’s information security strategy is based around the core NIST principles of Identify, Protect, Detect, Respond, and Recover.
Identify
We run a comprehensive vulnerability identification program, which starts with identifying our assets and then deploying tooling to scan for vulnerabilities. This happens across the product development lifecycle, from threat modeling at the early stages through to penetration testing of the resulting product. A similarly robust process is used for our internal business operations, as well as for identifying and risk-assessing our suppliers.
Protect
Harbr takes a defense-in-depth approach to security, applying robust and proportionate technical safeguards, as well as policies and procedures that are backed by audit and our ISO 27001 certification. We also have a security awareness program for all employees, and completing it is required to maintain access to any systems.
Detect
We have a centralized Security Incident and Event Monitoring platform that collates logs from all systems, including our identity and access platform, which is at the heart of our defensive capability. Security monitoring is conducted in as near to real time as possible and we use machine learning to discover anomalies that need investigation.
Respond
Our incident response capability is focused on minimizing the impact of any discovered breaches or vulnerabilities. Any Harbr employee and any customer is able to raise a security incident, which is immediately triaged to drive an appropriate response. We regularly test and refine this process.
Recover
Recovery from an information security incident is built into our business continuity and disaster recovery planning, and we continually refine and improve these processes.