All of HID employees are required to complete information security and privacy awareness training. Employees who may handle sensitive or customer data receive additional training specific to their roles as well as government security clearance (as needed).
At HID, we have a dedicated staff of highly skilled security professionals, including the following functions and responsibilities:
ISMS Executive Steering Committee
Business Unit Steering Committee
Global Information Security Team
HID Global maintains detailed internal Information Security and Data Privacy policies. All personnel must acknowledge they have read, understood, and agreed to abide by the terms of the Global Information Security Policy and supporting policies and procedures.
HID Global is dedicated to the implementation of an active, analytics-driven approach to cyber security. Security testing and improvement is an ongoing activity incorporated into our vulnerability and threat assessment process. HID Global performs continuous testing on all HID Origo solution components, and to ensure the highest possible level of security we regularly engage with external security auditors to validate our security posture. Ongoing application and system vulnerability threat assessments cover the following:
We strongly encourage customers to take all possible precautions to prevent unauthorized access. In case vulnerabilities are discovered, they should be reported directly to HID Global by either contacting HID Global Technical Support or through our Security Center in non-urgent circumstances.
Note: HID Global does not permit third-party vulnerability and penetration tests without prior authorization by HID Global. We have a responsibility to ensure smooth operations. Non-controlled tests carry the risk of impacting system performance negatively.
HID Global maintains security incident management policies and procedures and we apply appropriate root cause analysis and corrective action plans. HID Global promptly notifies impacted customers of any actual or reasonably suspected unauthorized disclosure of their respective customer data to the extent permitted by law.
If a security incident is detected, the Global Information Security Team takes the necessary steps to evaluate, test and resolve the issue according to defined procedure:
HID Global has an agile Software Development Life Cycle process based on SAFe (Scaled Agile Framework), that incorporates security best practices at all stages. Some of the steps in the continuous integration and deployment procedure are described below.