Security Policy
Our commitment to protecting information assets and maintaining robust security practices.
Last Updated: December 2024 | Effective: January 1, 2025
Information Security Commitment
HNL Technologies (Private) Limited ("HNL") is committed to maintaining the confidentiality, integrity, and availability of all information assets. This Security Policy outlines our approach to information security, data protection, and incident response.
We implement appropriate technical, administrative, and physical safeguards to protect information from unauthorized access, disclosure, alteration, or destruction. Our security practices are designed to meet industry standards and regulatory requirements.
Security Framework
Our information security program is built on:
Technical Controls
- • Encryption of data in transit and at rest
- • Firewalls and intrusion detection systems
- • Multi-factor authentication
- • Regular security updates and patching
- • Network segmentation and access controls
Administrative Controls
- • Security policies and procedures
- • Employee security awareness training
- • Background checks for personnel
- • Vendor security assessments
- • Regular security audits and reviews
Physical Controls
- • Secure facility access controls
- • CCTV surveillance systems
- • Visitor management procedures
- • Equipment protection measures
- • Environmental controls
Operational Controls
- • Change management processes
- • Backup and recovery procedures
- • Business continuity planning
- • Disaster recovery capabilities
- • Incident response procedures
Data Protection
Data Classification
HNL classifies information based on sensitivity and applies appropriate protection measures:
- Confidential: Highly sensitive business and customer information with restricted access
- Internal: Information for internal use only, not for external distribution
- Public: Information approved for public disclosure
Data Handling
- Access to data is granted on a need-to-know basis
- Sensitive data is encrypted during transmission and storage
- Data retention follows legal requirements and business needs
- Secure disposal methods are used for data destruction
- Third-party data sharing is subject to contractual safeguards
Confidentiality
All information received, processed, or stored by HNL is treated as confidential unless explicitly designated otherwise. This includes:
- Customer and client information
- Project specifications and technical documentation
- Business strategies and financial information
- Employee and personnel records
- Proprietary technology and intellectual property
- Partner and vendor information
Internal Use: All information collected is retained for internal purposes and may be used to train internal systems to improve our services. Information is not disclosed to external parties except as required by law or with explicit consent.
Security Incident Response
HNL maintains a comprehensive incident response program to address security events promptly and effectively.
IMPORTANT: Internal Investigation Policy
In the event of a security breach, data leakage, cyber attack, or any security incident:
- • HNL conducts internal investigations according to its own policies and procedures
- • All investigation details are strictly confidential
- • Resolution is based on HNL's internal policies
- • External communication regarding incidents is at HNL's sole discretion
- • HNL may respond or react to incidents if needed but is not obligated to provide external notifications unless required by law
Incident Categories
- Unauthorized access or access attempts
- Malware or ransomware incidents
- Data breaches or leakage
- Denial of service attacks
- Social engineering attacks
- Physical security breaches
- Policy violations
Reporting Security Concerns
If you discover a potential security vulnerability or have concerns about the security of HNL's systems, please report it to our Legal Department:
Email: legal@hnl.com.pk
Responsible Disclosure
We request that security researchers and individuals who discover vulnerabilities practice responsible disclosure by:
- • Providing us reasonable time to investigate and address issues
- • Not accessing or modifying data belonging to others
- • Not disrupting our services or systems
- • Not publicly disclosing issues before resolution
Third-Party Security
HNL requires third parties who access, process, or store HNL information to:
- Implement appropriate security controls
- Comply with HNL's security requirements
- Report security incidents promptly
- Undergo security assessments as required
- Maintain confidentiality of all information
Security requirements are incorporated into contracts and agreements with third parties.
Employee Security Responsibilities
All HNL employees are responsible for:
- Following security policies and procedures
- Protecting credentials and access rights
- Reporting security incidents and suspicious activities
- Completing required security training
- Using company resources appropriately
- Safeguarding confidential information
Violations of security policies may result in disciplinary action, up to and including termination of employment and legal action.
Jurisdiction & Legal Authority
HNL's security practices and incident response procedures are governed by the laws of the Islamic Republic of Pakistan. HNL:
- Cooperates with legitimate law enforcement requests through proper legal channels
- Requires valid legal process for disclosure of information
- Reserves the right to challenge requests that exceed legal authority
- Handles all security matters according to internal policies and Pakistani law
Security Contact
For security-related inquiries, vulnerability reports, or concerns:
Security concerns are handled according to internal policies. Please allow a minimum of 3 months for initial assessment and response. HNL reserves the right to handle all security matters internally and may not provide external updates on investigations.