Home » Terms » Cybersecurity

The intent of this statement is to assist insurance agencies with an active business relationship with HawkSoft Inc. to document HawkSoft's compliance with cybersecurity regulations.


Sean Hawkins
VP, Development

on behalf of

HawkSoft, Inc.
1230 SE 3rd Ave
Canby, Oregon 97013


Statement of Compliance

HawkSoft has administrative, physical, and technical policies in place to safeguard Nonpublic Information.



HawkSoft is SOC 2 compliant as a Service Organization through the AICPA, the governing body that administers compliance. We undergo an annual review to maintain this compliance.


Penetration Testing

HawkSoft uses an independent third-party to conduct penetration testing on our software. Penetration testing is conducted one or two times per year.


Data In Transit

HawkSoft encrypts data in transit. Data controlled by HawkSoft is encrypted in transit using TLS 1.2. Data that contains Personally Identifiable Information (PII) has an additional layer of AES 256-bit encryption.


Data At Rest

HawkSoft encrypts data at rest. Personal identifiable information is encrypted at rest starting with HawkSoft CMS Version 4.4 which released in September 2018. It is the responsibility of the customer (agency) to ensure:

1)Their software is updated to HawkSoft 4.4 or later
2) Data on HawkSoft 6 and later is encrypted by default by our cloud platform. Data on HawkSoft 5 and prior versions is encrypted by running the Image Encryption utility.
3) All new data added is encrypted automatically

More information is available in the Help system within HawkSoft CMS. Search for Image Encryption utility.


Access Controls

HawkSoft deploys controls to limit access to relevant information systems and Nonpublic Information.



HawkSoft has policies and procedures in place to notify our agencies in the event of a cybersecurity event directly impacting our system that holds Nonpublic Information.

Last Reviewed: February 1, 2024