Information security is paramount at HID Global. To ensure we maintain our customers’ confidence, we have established a comprehensive Information Security Management System (ISMS) to exceed recognized security requirements and continue to be the world’s trusted source for identity security.
All HID employees are required to complete information security and privacy awareness training. Employees who may handle sensitive or customer data receive additional training specific to their roles as well as government security clearance (as needed). We have a dedicated staff of highly skilled security professionals, including the following functions and responsibilities:
ISMS Executive Steering Committee
Business Unit Steering Committee
Global Information Security Team
HID Global maintains detailed internal Information Security and Data Privacy policies. All personnel must acknowledge they have read, understood, and agreed to abide by the terms of the Global Information Security Policy and supporting policies and procedures.
HID Global is dedicated to the implementation of an active, analytics-driven approach to cyber security. Security testing and improvement is an ongoing activity incorporated into our vulnerability and threat assessment process. We perform continuous testing on all HID Origo solution components, and to ensure the highest possible level of security we regularly engage with external security auditors to validate our security posture. Ongoing application and system vulnerability threat assessments cover the following:
We strongly encourage customers to take all possible precautions to prevent unauthorized access. In case vulnerabilities are discovered, they should be reported directly to HID Global by either contacting HID Global Technical Support or through our Security Center in non-urgent circumstances.
Note: We do not permit third-party vulnerability and penetration tests without prior authorization. We have a responsibility to ensure smooth operations. Non-controlled tests carry the risk of impacting system performance negatively.
HID Global maintains security incident management policies and procedures and we apply appropriate root cause analysis and corrective action plans. We promptly notify impacted customers of any actual or reasonably suspected unauthorized disclosure of their respective customer data to the extent permitted by law.
If a security incident is detected, the Global Information Security Team takes the necessary steps to evaluate, test and resolve the issue according to defined procedure:
Testing
Deployment
Monitoring