Trust & Security
How We Protect Client Data
Halyard Consulting maintains a documented cybersecurity, privacy, and risk program to safeguard information and deliver reliable services. We operate with least-privilege access, strong authentication, and clear accountability.
Our Security Program
- MFA by default; device and data encryption; endpoint protection/EDR.
- Role-based access reviews; patching and vulnerability management.
- Secure backups and change control; vendor risk reviews and DPAs as applicable.
- Staff security training and annual policy reviews.
Incident Response
- Written IR plan with defined roles and escalation paths.
- Detection → triage → containment → forensics → remediation → recovery.
- Notify affected clients and relevant parties within 24 hours of a confirmed incident (or faster if required).
- Coordinate with subprocessors and deliver a post-incident report with corrective actions.
Data Protection & Privacy
- Data identification/classification and retention policies.
- Encryption in transit/at rest; audit logging; secrets management.
- Mobile device management for corporate endpoints.
Compliance & Commitments
- SOC 2: Not currently certified; aligned to best practices.
- CDI/CUI: Planned capability via a segregated, NIST SP 800-171/CMMC-aligned enclave when required.
- Responsible AI & Accessibility: Plain-language UX, multilingual options, ADA/Section 508 considerations.
- Supplier Diversity: See our Supplier Diversity & Sustainability page.
Subprocessors & Data Location
We minimize third-party access. A current list of subprocessors and data-location details is available upon request under NDA.
Security Inquiries
Email: jonathan@halyard.consulting
Phone: 201-725-5268