We understand that you can't do your job well without the confidence and comfort that the systems you use are completely secure and compliant. Your data needs to be impregnable, and your system needs to be 100% industry and regulation compliant. Let us share with you how we ensure these things, and if you or your company's compliance team need more information, please don't hesitate to get in contact.
At Headquarter Plus, your data security is our top priority. We understand the importance of protecting your sensitive information, and we have implemented world-class measures to ensure its safety.
Our primary security policy, NoPiiData, provides an innovative approach to data protection. Instead of storing your data on our servers, you keep it in your own secure Google Drive. This means your information is safeguarded by Google’s industry-leading security standards, which include robust encryption, regular security audits, and advanced threat detection systems.
Critical Benefits of NoPiiData:
1. Google’s Security: Your data benefits from the same security measures that protect millions of users worldwide. Google’s security infrastructure is one of the most advanced in the industry, ensuring top-tier protection.
2. Data Decentralization: By storing your data separately, the risk of a breach affecting multiple users is completely negated. In the unlikely event of a security incident, only the individual's data is at risk, and no other user's information can be accessed. If the user activates our OTP/2FA (two-factor authentication), they will also be protected from a human-caused (phishing/sharing passwords) security breach, making the data extremely secure.
3. Data Privacy: Headquarter Plus cannot access or share your data. This ensures complete privacy and control over your information, giving you peace of mind that your sensitive data remains confidential and under your ownership.
4. Financial Data: Headquarter Plus DOES NOT collect or store any client financial data. Any data or information displayed is for PRESENTATION PURPOSES ONLY. Any financial information entered into our presentation roadmap tools is completely erased on sign out.
With NoPiiData, you can be confident that your information is secure, private, and protected by the highest standards. Thank you for trusting Headquarter Plus with your data security.
How NoPiiData works:
Within each user's HQ+ account settings there is an option to engage the NoPiiData system. If they have existing client data in the HQ+ system, this will be migrated. This process can take up to a week, as our tech team confirms every migration to make sure it is properly secure. Once their account is migrated and new data is entered, they will automatically use the NoPiiData system, and all data on the HQ+ system will be removed.
When the HQ+ system uses data with permission from the user's hidden Google Drive, it is used as a reference point, and no data is stored on the HQ+ system once the specific task is complete. This ensures there is no way for HQ+ as a third party to collect, observe, or share the data that users have entered into the NoPiiData system.
At HQ+, we prioritize your data security and compliance. Our robust measures align with the highest industry standards, ensuring your information is protected and your trust is earned. Here’s how we meet key compliance requirements set by the Monetary Authority of Singapore (MAS) and Prudential standards.
1. Data Protection and Privacy:
• Personal Data Protection Act (PDPA): HQ+ complies with PDPA by implementing policies and procedures for the proper collection, use, and disclosure of personal data. Regular training ensures all employees understand their obligations under PDPA.
• User Client Consent: HQ+ provides a consent collection tool so users can collect specific consent to receive communications from them and to have their data stored on the system. In-app prompts and the Terms and Conditions make explicitly clear the importance of collecting consent and the user's responsibility for collecting it.
• Notification: The notification of individuals of the purpose for which their personal data is being collected, used, or disclosed is done at the time of collection through the use of the Consent tool.
• Confidentiality Agreements: All employees and third-party vendors sign confidentiality agreements. Access to sensitive data is restricted based on roles and responsibilities, ensuring only authorized personnel handle personal information.
• Purpose Limitation: HQ+ collects and uses personal data only for purposes that a reasonable person would consider appropriate in the circumstances, of which the individual has been informed and to which they have consented.
• Access and Correction: Users can update and correct their information at any time. User clients can access their personal data upon request through the agent to whom they gave consent, and may have that agent correct any inaccuracies.
• Protection: HQ+ has implemented the above-required security arrangements to protect personal data from unauthorized access, collection, use, disclosure, copying, modification, disposal, or similar risks. The NoPiiData, OTP-2FA, and consent tools, as well as the internal policies and training for HQ+ staff ensure all data is protected.
• Retention Limitation: HQ+ ceases to retain personal data or removes the means by which the data can be associated with individuals when it is no longer necessary for business or legal purposes. All data can be removed at the request of the user.
• Transfer Limitation: HQ+ ensures that ALL DATA remains within Singapore and is neither shared with nor stored in any other country.
• Accountability: HQ+ has 2 Data Protection Officers (DPO) to ensure compliance with PDPA and develop policies and practices to meet PDPA obligations. Those 2 officers are Thomas Perry (CEO), and Will Ho (CTO).
2. Cybersecurity:
• Cyber Hygiene Notices: HQ+ adheres to MAS guidelines by conducting regular security audits, applying patches promptly, and enforcing strong authentication methods, including multi-factor authentication (MFA).
• Cybersecurity Act: HQ+ has implemented a cybersecurity framework that includes incident response plans, continuous monitoring, and regular security assessments. Significant incidents are always reported to MAS as required.
• OTP/2FA: HQ+ has a One Time Password, Two Factor Authentication system to prevent third-party login.
• Cybersecurity History: To date HQ+ has had ZERO cybersecurity incidents or breaches.
3. Risk Management:
• Operational Risk Management: HQ+ has created a LOW RISK operational program, complemented by regular risk assessments, internal controls, and monitoring mechanisms to manage and mitigate operational risks.
• Third-Party Risk Management: HQ+ conducts due diligence on all third-party vendors to ensure they comply with relevant regulations and maintain high-security standards. Regular audits and assessments are performed to ensure ongoing compliance.
4. Regulatory Reporting:
• Timely Reporting: HQ+ has a 24-hour timeline for the reporting of data breaches, cybersecurity incidents, and other compliance issues to MAS, ensuring transparency and accountability.
• Accurate Records: HQ+ maintains accurate and complete records of all transactions, communications, and compliance activities.
5. AML/CFT Compliance:
• Anti-Money Laundering (AML): HQ+ operates in a very low-risk area for money laundering activity; however, AML policies are in place, including customer due diligence, transaction monitoring, and suspicious activity reporting, to prevent and detect money laundering activities.
• Countering the Financing of Terrorism (CFT): HQ+ complies with CFT regulations by screening against sanction lists and ongoing identification of suspicious client activities.
6. Data Storage and Transmission:
• Encryption Standards: HQ+ uses industry-standard encryption methods to protect data in transit and at rest, ensuring unauthorized access is prevented.
• Data Localization: HQ+ complies with data localization requirements by ensuring that data is stored within local data centres.
7. Client Communication and Transparency:
• Clear Communication: HQ+ ensures transparent communication with clients regarding data storage, use, and protection policies. Regular updates and clear Terms and Conditions help clients understand their data privacy rights.
• Consent Management: HQ+ obtains explicit consent from users and user clients for data collection and processing activities, ensuring compliance with PDPA and maintaining client trust.
8. Additional compliance:
• Financial Guidelines: HQ+ adheres to prudential guidelines set by MAS, including maintaining adequate capital reserves, liquidity management, and regular financial reporting to ensure financial soundness.
• Business Continuity Planning: HQ+ has robust business continuity and disaster recovery plans in place, including regular testing and updates, to ensure minimal disruption to services in the event of an incident.
By addressing these compliance issues comprehensively, HQ+ ensures alignment with MAS regulations and maintains high standards of security, privacy, and operational integrity, thereby fostering trust and reliability in its services.