Cyber Security Statement
HQIP places great importance on information security, including cyber security, to protect our organisation. We have taken appropriate technical and organisational measures and developed relevant supporting processes. Together these provide necessary safeguards to detect, assess and manage cyber security incidents and mitigate the risks they pose.
Self-assessment tools
To demonstrate our commitment to cyber security, HQIP has successfully completed the Cybersecurity Best Practices for SMEs Assessment (which is assured by the European Commission).
This provides a simple and easy way for small and medium-sized organisations, like HQIP, to identify where they stand in terms of cybersecurity protection. By answering a set of questions, the tool helps to pinpoint security gaps and best practices that should be regularly followed in terms of:
- Office Firewalls and Internet Gateways
- Secure Configuration
- Software Patching
- User and Administrative accounts best practices
- Malware protection
- Awareness of Password weaknesses
- Basic risk assessment
- HQIP’s score of 87% demonstrates that we have sufficient technical and organisational measures in place to maintain cybersecurity.
Managing risks and responding to cyber threats
HQIP has up-to-date risk management processes grounded in a thorough assessment of incidents, governance and asset management that take account of our essential functions and cover a range of incident scenarios.
During an incident, we gain timely information on which to base our response decisions and recovery plans.
When an incident occurs, steps are taken to understand its root causes and to ensure appropriate remediation is taken to protect against future incidents. The lessons learned improve our security measures and the implementation of more robust safeguards by our data providers.
Working within a secure remote environment
HQIP works with Cloud CoCo (an ISO 27001 certified IT service provider) which provides and maintains our remote working environment.
Remote access to the HQIP network is managed via secure multi-factor-authentication access into a Microsoft Azure Virtual Desktop infrastructure environment which enables authorised users to connect to the internal HQIP private network.
We have a secure, encrypted connection between remote users and the internal HQIP private network. This enables internal users to connect via a local cable connection or Wi-Fi Protected Access using WPA2/PSK security.
Maintaining robust internal processes and relevant policies
HQIP maintains a number of internal policies, including the System Level Security Policy (SLSP), which are regularly reviewed and updated with input from Cloud CoCo.
We provide HQIP staff with mandatory data protection and security training which includes cyber security. The training is annually renewed and supplemented with relevant Information governance support throughout the year by our IG team.