Cybersecurity Statement of Compliance
The intent of this statement is to assist insurance agencies with an active business relationship with HawkSoft Inc. to document HawkSoft's compliance with cybersecurity regulations.
Entity
Sean Hawkins
VP, Development
on behalf of
HawkSoft, Inc.
1230 SE 3rd Ave
Canby, Oregon 97013
Covered Entity
HawkSoft is not a covered entity under 23 NYCRR 500. HawkSoft does not hold any licenses issued by the NYS Department of Financial Services.
Compliance with 23 NYCRR 500
HawkSoft complies with the relevant data security requirements outlined in Section 500.15 Encryption of Nonpublic Information.
Penetration Testing
HawkSoft has undertaken penetration testing for our software. The last test was conducted by Direct Defense on September 6, 2018.
Data In Transit
HawkSoft encrypts data in transit. Data controlled by HawkSoft is encrypted in transit using TLS 1.2. Some data has an additional layer of AES 256-bit encryption.
Data At Rest
HawkSoft encrypts data at rest. Personal identifiable information is encrypted at rest starting with HawkSoft CMS Version 4.4 which released in September 2018. It is the responsibility of the customer (agency) to ensure:
1) Their software is updated to Version 4.4 or later
2) All legacy data is encrypted by running the Image Encryption utility
3) All new data added is encrypted automatically
More information is available in the Help system within HawkSoft CMS. Search for Image Encryption utility.
Access Controls
HawkSoft deploys controls to limit access to relevant information systems and Nonpublic Information.
Multi-factor Authentication
HawkSoft offers agencies running HawkSoft Online the option to enable multi-factor authentication upon request.
Notifications
HawkSoft has policies and procedures in place to notify our agencies in the event of a cybersecurity event directly impacting our system that holds Nonpublic Information.
Last Revision: February 8, 2019