Security Measures
- Current as of: 20 January 2023
Homerun has implemented a comprehensive security programme of technical and organizational measures to protect the data of its customers against unauthorized use or access, loss, destruction, theft, or disclosure. Current security measures include, but are not limited to:
- - Security Management: Information security policies and procedures are defined and approved by management and communicated to all staff members. Security measures are reviewed on a regular basis. We are in the process of implementing and certifying against ISO 27001 and ISO 27701.
- Security Awareness: Homerun staff receive regular security and privacy training.
- Secure Data Centers: The SaaS is hosted in high-security datacenters with relevant certifications, such as ISO 27001.
- Secure Data Storage: All customer data is stored on high-availability storage. It is encrypted at rest using AES-256 industry-standard encryption technology. Data is backed up automatically at least daily. The backups are encrypted, stored offsite, and access to them is protected.
- Network Security: Network connections are encrypted using HTTPS, TLS or other industry-standard encryption technology, and protected using firewalls.
- Secure Configuration: Systems are configured using secure baselines and reviewed regularly.
- Security Patching: Systems, services and application frameworks receive necessary security patches on a regular basis.
- Access Control: Access to production systems is restricted to authorized staff and requires multi factor authentication.
- Logging: Actions in systems and applications are logged and monitored.
- Code Review: Changes to the systems and applications are peer-reviewed before they go into production, with attention to secure coding guidelines.
- Quality Assurance: Changes are tested using a combination of automated and manual tests.