Security is the highest priority for HIC. We consider the confidentiality, integrity and availability of our partners’ and citizens’ information critical in the services we provide. Since the nature of cybercrime continues to evolve, our security program and forward-leaning posture have expanded to address the changing threats. Our proactive security approach includes working with our state partners to identify and implement internal policies, hardware and software solutions, and industry-leading audit features that mitigate the security risks state government portals encounter. As a subsidiary of a publicly traded company that processes credit card transactions, HIC is held to the high security standards required by both the Sarbanes-Oxley Act (SOX) and the Payment Card Industry’s Data Security Standards (PCI DSS). HIC also participates in the NIC Security & Compliance Assessment program, an intense, invasive, and arduous process that includes multiple components to measure our compliance with NIC’s essential security practices.
HIC’s security policies are reviewed annually and updated as necessary to ensure they keep up with changes to technology and any new threat areas. All employees and contractors are made aware of HIC’s security policy and are required to adhere to the “acceptable use of technology” requirements. The following list shows key areas that our policy covers, but is not an all-inclusive list, as we reserve the right to take additional measures to ensure the confidentiality, integrity and availability of our systems, applications, networks and the data stored and processed by them.
To maintain PCI compliance status, quarterly external PCI scans are performed by Tenable Network Security, an approved scanning vendor certified by the PCI Security Standards Council.
Quarterly external scans, biannual internal scans, and an annual review and update as needed of security policies and procedures are performed to meet compliance with the NIC Security & Compliance Assessment program.
HIC’s systems and networks are monitored with multiple security solutions. These solutions alert support personnel when adverse or suspicious events occur so that corrective actions may be taken.
Our online applications utilize secured two-way transactions and the ability to conduct transactions through a 256-bit Secure Sockets Layer (SSL) Server. This technology uses the public-and-private key encryption system, which also includes digital certificate authentication of the network server.
Data integrity in a transaction environment is the validation that the data received is the same as the data that was generated. This is a fundamental element of the technology of digital certificates and the processing of digital signatures.
One of the most important requirements for the implementation of electronic government is the need to enhance and promote trust in the transactions performed using the state’s portal. However, the many different transactions involved in an electronic government solution require a wide variety of security levels. It is important when evaluating a particular transaction to recognize this and review the various alternatives available.
HIC performs internal and independent third-party security audits to test the implemented security model against the latest known vulnerabilities and threats. The internal security audits include:
HIC has contracted with McAfee to perform quarterly security audits at HIC’s expense. The results are reported to HIC’s financial institutions. HIC proposes to continue to use McAfee to meet the annual security audit requirement.
In 2005, NIC completed a year-long initiative to meet and exceed the security requirements set out by the PCI DSS. To satisfy both Sarbanes-Oxley (SOX) and the PCI DSS, NIC retained an independent security firm certified by the Payment Card Industry (PCI) to conduct routine network scans of all portal operations to monitor our compliance with both SOX and the PCI DSS. To date, HIC remains compliant with both SOX and the PCI DSS. To further bolster our SOX and PCI DSS compliance, we regularly conduct internal audits of all HIC staff and services, both to check them against SOX and PCI DSS requirements and to identify any vulnerabilities or weaknesses requiring remediation each year.
HIC meets level 3 merchant PCI DSS compliance. HIC’s security policy documents the procedures for the current portal contract, which are well beyond the requirements for PCI DSS and SOX compliance, showcasing HIC’s commitment to the security of the Hawaii portal and its data.