Hotjar’s Information Security Policy is the overarching collection of policies implemented to ensure the confidentiality, integrity, and availability of the data we store. Our approach to information security centers on identifying opportunities to optimize, gain efficiencies and remain effective in our business output and operations.
Policies and Procedures
Our operational policies ensure that we provide all our Hotjar team members with the necessary practices to build upon the strong foundations of their security onboarding. We utilize these policies daily and review them regularly.
Hotjar has implemented the following internal policies:
- Information Security Policy
- Acceptable Use Policy - Production Systems
- Acceptable Use Policy - Internal Operations
- Access Control Policy
- Backup Policy
- Change Management
- Data Classification Policy
- Data Protection Impact Assessment (DPIA) Policy
- Data Protection Policy
- Data Retention Policy
- Disaster Recovery
- Security Risk Management & Governance
- Third-Party Risk Assessment Process
Vendor Risk Management
Hotjar has established a Third-party Risk Assessment process that addresses the appropriate onboarding of new tools and services used by our team. These tools ultimately help our team to maintain and support core business functions; however, there are risks associated with adding new services or systems where data may be shared.
All reviews consider the introduction of personally identifiable information and, if required, may be subject to further data-privacy-specific assessments.
Every new tool, vendor or service is subject to a three-step risk assessment.
- Legal: reviews contractual obligations, restrictions, and requirements.
- Security: reviews the tool's technical and organizational measures.
- Technical: reviews the appropriate features, industry recognition and productivity value.
The purpose of our Vendor Risk Management Process is to ensure that a new service or tool does not introduce any additional risks to Hotjar.
All team members are required to complete a number of steps prior to joining, as well as a number of onboarding tasks during their first few weeks.
Onboarding gives all team members an opportunity to understand the security culture at Hotjar and provides a baseline understanding of our security posture.
The security side of onboarding includes:
- Signed confidentiality agreements, before hiring.
- Background checks performed to check for prior convictions, affiliations to politically sensitive organizations
- Cyber Security Awareness Training during onboarding week.
- Security Tools and Services orientation.