HLi Privacy Policy

HLi, is a company committed to the protection and confidentiality of data. The purpose of this policy is to collect, process, store and share data transparently. Here's a summary of what this privacy and data protection policy covers.

Information security policies
Information and its support systems are critical assets that HLi must protect with the appropriate measures and controls. Information security policies are the embodiment of HLi 's commitment and vision in the field of information security. 
 
These policies specify requirements and best practices for information security within HLi. They are supported with detailed guidelines, charters and other good practice documents.
With the continued dependence on Information and Communication Technologies (ICTs), it is important to define control requirements to limit the risks associated with ICTs.
 
Information security policies must ensure, in particular, the control of information risks and the continuity of HLi 's information systems and must be implemented taking into account the development prospects of its activities.

1. Objectives
The objectives of HLi information security policy are:
- Protect the reputation, integrity, ethics and public image of HLi.
- Maintain the trust of customers, suppliers, guardianship, as well as the partners of HLi.
- Protect the confidentiality of sensitive information.
- Protect sensitive operational data from inappropriate disclosures.
- Prevent third parties against illegal or malicious acts against HLi systems.
- Ensure non-repudiation to ensure that an integration or update operation can not be denied.
- Check the authentication which consists of ensuring the identity of a user and guarantee each correspondent that his partner is who he thinks he is. Authentication is necessary for non-repudiation.
 - Ensure the traceability in order to keep an original, timestamped, explicit and integrated probative trace of a technical event, such as the technical traces of security or logs, or of a business act, such as the audit trail; to be probative, a trace must be able to be attached to an actor and a reference to reliable time.
 - Optimize the use of HLi resources by ensuring that they are not misused or wasted.
- Prevent against fraud.
- Prevent major incidents that can lead to business interruptions.
- Comply with regulatory and legal requirements.
- Support the business and business objectives of HLi.
- Reduce the risks of breach of the confidentiality, integrity and availability of information, by defining the principles for the use and processing of information.

2. Data protection officer
We have appointed a data protection officer. This data protection officer is in charge of advising, informing and checking compliance with the data protection regulations.

3. Field Of Application
The information security policies of HLi apply in particular to:
 - Information in all its forms, resident on servers, PCs, network or other equipment, databases, personal documents, files and working documents.
- All applications, operating systems, software packages and software.
- Any hardware, server, workstation, laptop, network component, smart sensor, communication equipment and owned device.
- All the sites of HLi that host the information and its support systems.
- All permanent, contractual and temporary employees, trainees, consultants, suppliers and third-party service providers or staff assigned to work with HLi.
- It is COMPULSORY that all the members of HLi mentioned above adhere to these policies and all the standards and directives that are derived from them.

4. Normative references & good practices
The guiding principles underlying these policies are drawn mainly from the good practices of the following international standards:

1- International Standard ISO 27001: 2013: Security techniques - Information security management systems - Requirements.
2- International Standard ISO 27002: 2013: Security techniques - Code of good practice for the management of information security.
3- International Standard ISO 27005: 2011: Security techniques - Management of risks related to information security.
4- International Standard ISO / IEC 27000: Information technology - Security techniques - Information security management systems - Overview and vocabulary.
5- Center for Internet Security - https://www.cisecurity.org/
6- National Agency for the Security of Information Systems - https://www.ssi.gouv.fr/


5. Specific policies
HLi 's specific information security policies include:
1. Charter of good use of IT resources, messaging and the Internet.
2. IT Directors Charter of HLi.
3. Privacy Policy.
4. Access control policy for information systems.
5. Physical and environmental security policy.
6. Log management policy (log).
7. Computer remote maintenance policy.
8. Functional backup and restore policy.
9. Security Patch Management Policy.
10. Change Management Policy.
11. Malware management policy.
12. Supplier and Subcontractor Management Policy.
13. Communications security policy.
14. Policy for the acquisition, development and maintenance of computer applications.
15. Cryptography policy.
16. Information Security Incident Management Policy.
17. Change Management Policy for Computer Applications.
18. Internal, external and security compliance policy for information system security.
19. Policy Test.
20. Policy of Continuity of the Security of the Information.