HID Global undergoes regular internal and external security audits of the organization and of all HID Origo platform components to ensure our solutions comply with industry security standards and best practices.
HID Global uses Amazon services that are certified under the following assurance programs:
SOC, PCI, ISMAP, FedRAMP, DoD CC SRG, HIPAA BAA, IRAP, MTCS, C5, K-ISMS, ENS High, OSPAR, HITRUST CSF, FINMA and GSMA
Further details can be viewed at Amazon’s compliance page: https://aws.amazon.com/compliance/services-in-scope/
HID Origo Services | |||||
---|---|---|---|---|---|
API Gateway | DynamoDB | ElastiCache for Redis | RDS | S3 Glacier | VPC |
Glue | Systems Manager | Athena | EBS | GuardDuty | SES |
ACM | IAM | Application Load Balancer (ALB) | Aurora | EC2 | Kinesis Data Firehose |
SNS | Config | IoT Core | Network Load Balancer (NLB) | CloudFront | ECR |
Kinesis Data Streams | SQS | Direct Connect | KMS | CloudWatch + Logs | ECS |
MSK | S3 | Fargate | Lambda | | |
HID Global maintains an Information Security Management System, certified according to the ISO/IEC 27001 standard, to govern security controls for the development and ongoing operations of the HID Origo services which includes:
HID Origo Cloud Services has also performed a self-assessment based on the Cloud Controls Matrix by the Cloud Security Alliance.
The technical report covers the following domains:
HID Origo Mobile Identities has achieved SOC2 type 1 compliance.
HID Global leverages leading industry best practice guidelines and frameworks including but not limited to the following:
The Software Alliance has developed The BSA Framework for Secure Software to fill that gap. The Framework offers an outcome-focused, standards-based risk management tool to help stakeholders in the software industry – developers, vendors, customers, policymakers, and others – communicate and evaluate security outcomes associated with specific software products and services.
Building Security In Maturity Model (BSIMM) is a study of current software security initiatives or programs. It quantifies the application security (appsec) practices of different organizations across industries, sizes, and geographies while identifying the variations that make each organization unique.