Security & Compliance

Last Updated: 10/7/2025

1. Security Overview

At Holoware, security is our top priority. We implement comprehensive security measures to protect your data and ensure the integrity of our MDM platform. Our security program is designed to meet industry standards and regulatory requirements.

2. Data Encryption

2.1 Encryption at Rest

  • All data stored in our databases is encrypted using AES-256 encryption
  • Encryption keys are managed using industry-standard key management systems
  • Regular key rotation policies are enforced
  • Backups are encrypted with separate encryption keys

2.2 Encryption in Transit

  • All data transmission uses TLS 1.3 or higher
  • API communications are secured with mutual TLS authentication
  • Certificate pinning is implemented for mobile agents
  • Perfect Forward Secrecy (PFS) is enabled for all connections

3. Access Controls

  • Multi-Factor Authentication (MFA): Required for all administrative accounts
  • Role-Based Access Control (RBAC): Granular permissions based on job function
  • Principle of Least Privilege: Users have minimum necessary access
  • Session Management: Automatic timeout and secure session handling
  • IP Whitelisting: Optional IP-based access restrictions
  • Audit Logging: All access and actions are logged and monitored

4. Compliance & Certifications

4.1 Standards Compliance

  • ISO 27001: Information Security Management System certification
  • SOC 2 Type II: Annual audits for security, availability, and confidentiality
  • GDPR: Compliant with EU data protection regulations
  • HIPAA: Healthcare data protection compliance available
  • PCI DSS: Payment card data security standards

4.2 Data Residency

We offer data residency options to meet regional compliance requirements. Customer data can be stored in specific geographic regions as required by local regulations.

5. Infrastructure Security

5.1 Cloud Infrastructure

  • Hosted on enterprise-grade cloud infrastructure with 99.9% SLA
  • Multi-region deployment for high availability and disaster recovery
  • Automated failover and redundancy mechanisms
  • DDoS protection and web application firewall (WAF)

5.2 Network Security

  • Network segmentation and isolation
  • Intrusion detection and prevention systems (IDS/IPS)
  • Regular vulnerability scanning and penetration testing
  • 24/7 security monitoring and incident response

6. Application Security

  • Secure Development: OWASP Top 10 compliance in development practices
  • Code Reviews: Mandatory security code reviews for all changes
  • Dependency Management: Regular updates and vulnerability scanning of dependencies
  • Input Validation: Comprehensive input sanitization and validation
  • API Security: Rate limiting, authentication, and authorization on all endpoints

7. Incident Response

7.1 Security Incident Management

We maintain a comprehensive incident response plan that includes:

  • 24/7 security operations center (SOC) monitoring
  • Defined escalation procedures and response times
  • Incident classification and severity assessment
  • Customer notification within 72 hours of a confirmed breach
  • Post-incident analysis and remediation

7.2 Vulnerability Disclosure

We welcome responsible disclosure of security vulnerabilities. If you discover a security issue, please report it to: security@holoware.co

8. Data Backup & Recovery

  • Automated daily backups with 30-day retention
  • Encrypted backup storage in geographically separate locations
  • Regular backup restoration testing
  • Recovery Time Objective (RTO): 4 hours
  • Recovery Point Objective (RPO): 24 hours

9. Employee Security

  • Background checks for all employees with data access
  • Regular security awareness training
  • Confidentiality and non-disclosure agreements
  • Immediate access revocation upon termination
  • Separation of duties for critical operations

10. Third-Party Security

All third-party vendors and service providers undergo security assessments. We require:

  • Security questionnaires and due diligence reviews
  • Data processing agreements (DPAs)
  • Regular security audits of critical vendors
  • Compliance with our security standards

11. Continuous Improvement

Our security program is continuously evolving. We conduct:

  • Annual third-party security audits and penetration tests
  • Quarterly internal security assessments
  • Regular security training and awareness programs
  • Continuous monitoring of emerging threats
  • Participation in security research and industry forums

12. Contact Security Team

For security-related inquiries or to report a vulnerability:

  • Security Email: security@holoware.co
  • General Email: sales@holoware.co
  • Phone: 1800 572 5882