Trust & Security

How We Protect Client Data

Halyard Consulting maintains a documented cybersecurity, privacy, and risk program to safeguard information and deliver reliable services. We operate with least-privilege access, strong authentication, and clear accountability.

Our Security Program

  • MFA by default; device and data encryption; endpoint protection/EDR.
  • Role-based access reviews; patching and vulnerability management.
  • Secure backups and change control; vendor risk reviews and DPAs as applicable.
  • Staff security training and annual policy reviews.

Incident Response

Written IR plan with defined roles and escalation paths.

  • Detection → triage → containment → forensics → remediation → recovery.
  • Notify affected clients and relevant parties within 24 hours of a confirmed incident (or faster if required).
  • Coordinate with sub-processors and deliver a post-incident report with corrective actions.

Data Protection & Privacy

  • Data identification/classification and retention policies.
  • Encryption in transit/at rest; audit logging; secrets management.
  • Mobile device management for corporate endpoints.

Compliance & Commitments

  • SOC 2: Not currently certified; aligned to best practices.
  • CDI/CUI: Plan to be capable via a segregated, NIST SP 800-171/CMMC-aligned enclave when required.
  • Responsible AI & Accessibility: Plain-language UX, multilingual options, ADA/Section 508 considerations.
  • Supplier Diversity: See our Supplier Diversity & Sustainability page.

Subprocessors & Data Location

We minimize third-party access. A current list of subprocessors and data-location details is available upon request under NDA.
