Skip to content
Burger Icon
Burger Icon

Security & Trust at HKR.TEAM

1. Compliance

ISO Certified
ISO 27001:2022 Certified
ISO Certified
ISO 9001:2015 Certified
ShieldCheck-1
GDPR Compliant
ShieldCheck-1
HIPAA compliance in progress

2. Trusted

aws_navy
Amazon Web Services, Inc • Hosting, storage and processing Customer Data
Cloud infrastructure and services provider supporting data processing on behalf of HKR.TEAM
google_cloud_navy
Google Cloud • Cloud infrastructure & data processing
Cloud platform providing scalable infrastructure and data processing services for HKR.TEAM
ms_azure_navy
Microsoft Azure • Cloud infrastructure & enterprise services
Microsoft's cloud platform supporting enterprise-grade infrastructure and services for HKR.TEAM

3. Security Practices

 

3.1 Endpoint Security

Security controls are implemented based on client requirements and engagement scope:

  • Company-managed devices with MDM enrollment
  • BYOD policy: Zero Trust access model via VDI (Azure Virtual Desktop) or enterprise browser (Primary) — no local data storage
  • Enterprise browser with encrypted downloads, DLP controls, and session isolation
  • EDR on all endpoints (e.g. Bitdefender GravityZone)
  • Encryption at rest and in transit

Controls are tailored to each client engagement based on contractual and regulatory requirements.

 

3.2 Access Control


  • Role-based access control (RBAC)
  • Multi-factor authentication (MFA) enforced
  • Principle of least privilege
  • Regular access reviews

3.3 Network & Infrastructure


  • 100% cloud-based infrastructure (no physical servers)
  • Hosting: AWS, Microsoft Azure, Google Cloud (EU regions)

3.4 Data Protection


  • Data encrypted at rest and in transit
  • Data residency: EU-based (primary), with appropriate safeguards (e.g. SCCs, DPAs) for any transfers outside EEA
  • Data retained per client contractual requirements and deleted upon contract termination or client request
  • No local storage on personal devices (MDM/VDI/enterprise browser model)

4. People & Operations

 

4.1 Personnel Security

 

  • Background checks performed on-demand
  • Confidentiality provisions included in all employment and contractor agreements
  • Onboarding/offboarding procedures with access revocation

4.2 Security Awareness

 

  • Annual company-wide security training (mandatory)
  • Phishing awareness
  • Incident reporting procedures

 

5. Policies & Documentation

 

Policy
  Internal Company Rules
Information Security Policy
Incident Reporting Policy
Acceptable Use Policy
Access Control Policy
Business Continuity Plan

 

Additional policy documents may be available on demand. Please contact us at security@hkr.team to request access. 

 

6. Sub-processors

 

Sub-processor Purpose Data Location
AWS Cloud infrastructure EU
Microsoft Azure Cloud infrastructure EU, Asia
Google Cloud Cloud infrastructure EU
Google Workspace Email, documents, collaboration EU
Slack Internal communication US
HubSpot Client relationship management EU
Notion Internal documentation, project management, contract drafting US, EU
HiBob HR management, employee lifecycle, onboarding/offboarding EU
Bitdefender Endpoint detection & response EU

 

7. Data Privacy

 

  • Committed to GDPR compliance
  • We do not sell personal information
  • We process personal data only as directed by our clients and do not use it for our own purposes
  • We support clients in meeting their CCPA/CPRA obligations, including responding to consumer requests
  • Standard Contractual Clauses (SCCs) and/or Data Processing Addendums / Agreements (DPAs) in place for international data transfers
  • We support clients in responding to data subject access requests (DSARs) as required under GDPR

 

8. Contact / Request Access

 

          Security contact email: security@hkr.team