HPG is often requested to provide high level details about our cyber security practices and preparedness. These are often requested in the form of a survey and may come from customers or vendors. To help assist employees respond to these types of surveys HPG IT has provided the below information. 

Q: Does HPG have a formal information security policy that is reviewed at least annually and approved by senior management?

A:  Yes. Employees are trained at least once a year regarding information security and Cyber Security and IT Policies are published and available for employees to view. Senior management is directly involved with review and approval of policies.

Q: Does HPG hold any active IT assurance certifications such as ISO27000 or SOC2?

A: No, we review these certifications provided by our ERP and Document Management solution on an annual basis as part of our annual cyber security audits.

Q: Does HPG support Multi-Factor Authentication on its critical systems?

A: Yes, HPG requires Multi-Factor Authentication on all systems where possible, especially remotely accessible systems.

Q: Does HPG have backup and recovery processes in place that include offsite backups for technical assets?

A: Yes, all critical assets are backed up with offsite copies of the backups. 

Q: Does HPG have documented disaster recovery and incident management plans?
A: Yes

Q: Has HPG's disaster recovery and incident management plans been exercised or tested in the last year?

A: Yes

Q: Does HPG have a cyber insurance policy?

A: Yes

Additional information and policy is available for employees to review in the employee handbook and the HPG Cyber Security and IT Policies document.