DHP Consultants Cyber Security Notice
DHP Consultants maintains certain personally identifiable information regarding clients in its electronic databases to facilitate the processing of transactions on behalf of its clients to comply with rules, regulations and laws. The personally identifiable information stored on DHP Consultants network is protected from unauthorised access, treated as confidential.
DHP Consultants attests that personally identifiable information and customer information stored on our systems is protected as follows:
- DHP Consultants Internet-facing servers are protected from access through firewalls and/or other security devices.
- The firm’s critical servers reside on isolated networks that have no direct Internet access.
- DHP Consultants internal systems that store customer personally identifiable information locks people out of internal systems after a few unsuccessful login attempts.
- Access to shared drives is restricted to active employees and pre-authorized individuals on a “need to know” basis within DHP Consultants through password-protected logins to the network.
- Encryption technology is employed for data transmissions across public networks and on portable media devices.
- System backups reside either in secure facilities at DHP Consultants or in secure storage provided by a third party specializing in secure information management.
- Personally identifying information is generally not stored on laptop computers or other portable devices. Further all data stored on laptop hard drives is encrypted.
- All end-station computers use antivirus software that is regularly updated.
- Operating System security patches are applied to all systems on a regular basis.
- Employees are trained on the requirements to protect personal information.
- DHP Consultants has adopted written policies and procedures, reasonably designed to protect personally identifiable information.
DHP Consultants further attests that should a breach occur, management will promptly take action to secure information, mitigate the breach, and notify, on a timely basis, any customers whose personally identifiable information could have been compromised.