Security & Compliance
Harris & Harris contracts with third-party security firms to assess our compliance with multiple data security standards and frameworks. We do this to ensure our security needs and those of our clients are met, to provide annual security audits, and to manage our infrastructure and data security professionally. The ongoing audits help ensure continued compliance with all industry-standard security measures and client security policies and requirements.
Our annual audits ensure compliance with several standards including but not limited to:
- Pub 1075/NIST 800-53
- PCI DSS v4 (Payment Card Industry Data Security Standards)
- PII (Personally Identifiable Information)
- HIPAA/HITECH Compliance
- ISO 27002
- Red Flag Rules
- Gramm-Leach-Bliley Act (GLBA)
- SOC 1 Type 2 and SOC 2 Type 2
- State-mandated certifications
We provide 256-bit encryption for data both in transit and at rest using the PGP standard, and we maintain secure FTP or SFTP transfers