HPG IT Common Cyber Security Questions and Answers
HPG is often asked to provide high-level details about our cyber security practices and preparedness. These requests often come in the form of a survey and may come from customers or vendors. To help employees respond to these types of surveys, HPG IT has provided the information below.
Q: Does HPG have a formal information security policy that is reviewed at least annually and approved by senior management?
A: Yes. Employees are trained at least once a year regarding information security, and the Cyber Security and IT Policies are published and available for employees to view. Senior management is directly involved with review and approval of policies.
Q: Does HPG hold any active IT assurance certifications such as ISO27000 or SOC2?
A: No. We review these certifications, as provided by our ERP and Document Management solution, on an annual basis as part of our annual cyber security audits.
Q: Does HPG support Multi-Factor Authentication on its critical systems?
A: Yes, HPG requires Multi-Factor Authentication on all systems where possible, especially remotely accessible systems.
Q: Does HPG have backup and recovery processes in place that include offsite backups for technical assets?
A: Yes, all critical assets are backed up with offsite copies of the backups.
Q: Does HPG have documented disaster recovery and incident management plans?
A: Yes
Q: Have HPG's disaster recovery and incident management plans been exercised or tested in the last year?
A: Yes
Q: Does HPG have a cyber insurance policy?
A: Yes
Additional information and policy is available for employees to review in the employee handbook and the HPG Cyber Security and IT Policies document.