Cybersecurity Policy

Our information security practices and measures

Last updated: February 2025

1. Introduction

At HabSar, information security is a fundamental priority. This policy establishes the principles, guidelines and measures we implement to protect our own and our clients' information assets against cyber threats.

2. Scope

This policy applies to all employees, contractors, partners and third parties who have access to HabSar's or our clients' systems, networks and data. It includes all devices, applications and services used in the course of our activities.

3. Security Principles

Our cybersecurity approach is based on the following principles:

  • Confidentiality: Protecting information against unauthorized access
  • Integrity: Ensuring the accuracy and completeness of information
  • Availability: Guaranteeing timely access to information when needed
  • Accountability: Ensuring that actions can be traced to specific individuals

4. Access Control

We implement strict access controls that include:

  • Multi-factor authentication (MFA) for all critical systems
  • Principle of least privilege in permission assignment
  • Periodic review of access rights
  • Secure password management with complexity requirements
  • Automatic account lockout after failed access attempts

5. Data Protection

To protect sensitive data, we implement:

  • Data encryption in transit using TLS/SSL
  • Data encryption at rest for sensitive information
  • Regular backups with secure storage
  • Data classification based on sensitivity
  • Data retention and secure deletion policies

6. Network Security

Our network security measures include:

  • Firewalls and intrusion detection systems
  • Network segmentation to isolate critical systems
  • Continuous network traffic monitoring
  • VPN for secure remote connections
  • Regular firmware and network software updates

7. Vulnerability Management

We maintain an active vulnerability management program:

  • Periodic vulnerability scans
  • Timely application of security patches
  • Application security assessments
  • Scheduled penetration testing
  • Tracking and remediation of identified vulnerabilities

8. Incident Response

We have an incident response plan that includes:

  • Incident detection and notification procedures
  • Designated incident response team
  • Containment and eradication protocols
  • Recovery and restoration processes
  • Post-incident analysis and lessons learned

9. Awareness and Training

All employees receive regular information security training, including:

  • Phishing and social engineering recognition
  • Secure handling of confidential information
  • Proper use of devices and systems
  • Security incident reporting
  • Updates on new threats and best practices

10. Development Security

In our development projects, we follow security practices:

  • Security-focused code review
  • Security testing in the development lifecycle
  • Use of up-to-date libraries and frameworks
  • Separation of development, testing and production environments
  • Version control and secure source code management

11. Compliance

We are committed to complying with applicable security regulations and standards, including Argentina's data protection laws and industry best practices.

12. Review and Update

This policy is reviewed and updated annually, or when significant changes are identified in the threat landscape or in our operations.

13. Contact

To report security incidents or inquiries related to this policy, contact our security team through our contact page or write to seguridad@habsar.com.