Security Policy

Last updated: 1 June 2026

Data Encryption

All data is encrypted at rest using AES-256 and in transit using TLS 1.3.

Access Controls

Role-based access control with multi-factor authentication required for all systems.

Monitoring

24/7 security monitoring with automated threat detection and response.

Infrastructure

Enterprise-grade cloud infrastructure with geo-redundancy and disaster recovery.

1. Overview

Hitech Systems maintains a comprehensive security programme designed to protect client data and ensure the integrity, confidentiality, and availability of our systems and services.

2. Certifications & Compliance

  • SOC 2 Type II: Annual audit of security controls
  • ISO 27001: Information security management certification
  • GDPR: Full compliance with EU data protection regulations
  • HIPAA: Controls aligned for healthcare data handling

3. Data Protection

Encryption

  • Data at rest: AES-256 encryption
  • Data in transit: TLS 1.3 minimum
  • Database encryption with customer-managed keys available
  • Secure key management using HSM

Data Segregation

Client data is logically segregated using unique identifiers and access controls. We never commingle data between clients.

4. Access Control

  • Multi-factor authentication required for all access
  • Role-based access control (RBAC)
  • Principle of least privilege enforced
  • Regular access reviews and audits
  • Automated deprovisioning upon termination

5. Infrastructure Security

  • Enterprise cloud providers (AWS, Azure, GCP) with SOC 2 certification
  • Network segmentation and firewalls
  • DDoS protection and mitigation
  • Regular vulnerability scanning and penetration testing
  • Automated patch management

6. Incident Response

Our incident response plan includes:

  • 24/7 security operations centre
  • Documented incident response procedures
  • Client notification within 72 hours of confirmed breach
  • Post-incident review and remediation
  • Annual incident response testing

7. Employee Security

  • Background checks for all employees
  • Security awareness training on hire and annually
  • Acceptable use and security policies
  • Confidentiality agreements

8. Business Continuity

  • Geo-redundant data centres
  • Automated backups with encryption
  • Recovery point objective (RPO): 1 hour
  • Recovery time objective (RTO): 4 hours
  • Annual disaster recovery testing

9. Reporting Security Issues

If you discover a security vulnerability, please report it to security@hitechsys.co. We operate a responsible disclosure programme.

10. Contact

For security inquiries: security@hitechsys.co