Security FAQ

- Where is information stored in Hoylu?
- Can you share general information about the security of the solution?
- How does Azure AD integration work?
- What are the security/authentication rules for local users? Password complexity / 2-factor?
- How does access control take place within our area? Can access be controlled per project?
- Who, if anyone, has access / can acquire access to our projects including any administrators in Hoylu?
- Can we safeguard confidentiality per project - including preventing administrators in Hoylu from extracting information from our projects?
- Do we have access to audit logging?

Where is information stored in Hoylu?
    1. Azure data center West Europe; or for U.S. specific clients upon request, in North America.

 

Can you share general information about the security of the solution?
    1. Hoylu takes the security of data very seriously. Hoylu has a comprehensive, written information security program that secures Hoylu information assets in a manner commensurate with each asset’s value as established by risk assessment and mitigation measures. Hoylu is an ISO/IEC 27001:2013 provider whose Information Security Management System (ISMS) has received third-party accreditation from the International Standards Organization. All “users” are required to log in to the Hoylu platform using one of the available sign-on options (SSO, 2-Factor, etc.). All Hoylu Workspaces remain behind a secured platform, meeting the ISO/IEC 27001:2013 requirements. For additional information, review the Security Overview section of our website.

 

How does Azure AD integration work?
    1. The Hoylu Platform and Azure AD integration is a standard OAuth2 flow. We have an Azure “App Registration” that the customer adds some permissions to in their AD, and then AD integration is possible. At no time does Hoylu store any customer passwords in this flow. This process follows the Microsoft standards noted in the documentation: https://learn.microsoft.com/en-us/azure/active-directory/develop/v2-oauth2-auth-code-flow

 

What are the security/authentication rules for local users? Password complexity / 2-factor?
    1. Hoylu offers organizations the option to enable single sign-on and licensing of their users. Details on the security/authentication rules can be found in our Hoylu Knowledgebase’s Accessibility & Security section. Additionally, Hoylu can enable 2-Factor Authentication for any Enterprise Hoylu orgs. For more information on the set-up of 2-Factor Authentication, please review our June Product Release notes.

 

How does access control take place within our area? Can access be controlled per project?
    1. Hoylu gives users the ability to work with others on the same Workspaces, at the same time. You can invite people to your Workspace and assign them different roles. Every user can work on a different part of the Workspace, or they can just observe. For more details on our permissions and sharing workspaces, please review our Knowledgebase article.
    2. Access control can be given on multiple layers for Hoylu:
      i. Policies (Hoylu Management Portal)
      ii. Company AD/SSO
      iii. Project level (Named users, Project admin, contributor)
      iv. Workspace level (Levels: No access, Read, Edit, Admin)

 

Who, if anyone, has access / can acquire access to our projects including any administrators in Hoylu?
    1. Customer Data will be used by Hoylu in accordance with Customer’s instructions, including any applicable terms in the Customer Agreement and Customer’s use of Services functionality, and as required by applicable law. Hoylu is a processor of Customer Data and Customer is the controller. Customer may, for example, use the Services to grant and remove access to a Workspace, assign roles and configure settings, access, modify, export, share and remove Customer Data and otherwise apply its policies to the Services. Hoylu employees will not access any client workspaces without direct instructions from the Customers – which will require written consent through our Support Team. Please review our Privacy Policy and Terms of Use for additional details.

 

Can we safeguard confidentiality per project - including preventing administrators in Hoylu from extracting information from our projects?
    1. Customer Data will be used by Hoylu in accordance with Customer’s instructions, including any applicable terms in the Customer Agreement and Customer’s use of Services functionality, and as required by applicable law. Hoylu is a processor of Customer Data and Customer is the controller. Customer may, for example, use the Services to grant and remove access to a Workspace, assign roles and configure settings, access, modify, export, share and remove Customer Data and otherwise apply its policies to the Services. Hoylu employees will not access or extract any client workspaces without direct instructions from the Customers – which will require written consent through our Support Team. Additionally, users can set Permissions to include a dedicated Password to access any Workspace. This setup can be performed by the Customer at any time, per project/workspace, through the Hoylu Permission Settings. Please review our Privacy Policy and Terms of Use for additional details.

 

Do we have access to audit logging?
    1. Audit Logs can be provided to clients by reaching out to our Hoylu Support Team at support@hoylu.com. For a full overview of our Data Retention procedures, please visit our Privacy Policy.