Introduction
Highwire maintains a strong security program that includes policies, procedures, plans, and controls that protect the company’s information assets, including the Highwire application and sensitive data. The purpose of the Highwire Information Security Policy, which is attached in full at the end of this article, is to provide a high-level understanding of the principles and practice of Highwire’s Information Security Management System (ISMS).
Information Security Objectives
The three guiding objectives of Highwire’s Information Security Policy are confidentiality, integrity, and availability:
Confidentiality: The goal of confidentiality is to ensure that information is only available to authorized persons or systems. Confidentiality is critical to total data security. In general, the controls that we have in place regarding confidentiality include encryption, virtual private network connections, employee vetting and strict non-disclosure requirements, and many others.
Integrity: The goal of integrity is to ensure that information is only allowed to be changed by authorized persons or systems in an allowed way. This objective includes both data integrity and system integrity. In general, the controls we have in place to protect the integrity of our data and our system include access control, firewalls, encryption, logging and monitoring, and many others.
Availability: The goal of availability is to ensure that information can be accessed by authorized persons when it is needed. In general, the controls that we have in place regarding availability include authentication, authorization, password control, and many others.
To achieve our guiding objectives, Highwire relies on an overall Information Security Management System that allows for planning, implementing, maintaining, reviewing, and improving information security. Highwire’s Information Security Policy is attached at the end of this article for your review.
If you have any specific questions on our approach to privacy and data security or would like additional technical documents or policies, please feel free to contact Karen Sardone, Vice President of Compliance.
-END ARTICLE-