Our Approach
Software security is critically important to HCL and our valued clients. The HCL security strategy covers all aspects of our business, including corporate and organizational security policies, incident management and response, business continuity and disaster recovery, secure software development processes, and privacy.
HCLSoftware prioritizes Trust, Security and Privacy across our entire product suite. We ensure leading edge security best practices are a core part of all stages of our software development lifecycle before any product is released to market. This includes comprehensive security scanning techniques, robust penetration testing and threat modelling at all levels of the application and infrastructure stack. We use our own products in addition to leveraging a diverse set of third-party researchers and tools, to test comprehensive capability across all levels. Following application introduction, we continue to constantly assess its risk profile and immediately initiate any additional remediation measures, if necessary.
The resources you see below proudly demonstrate HCLSoftware’s commitment to the Trust, Security and Privacy of our products.
- Adam Currie, Global VP & Chief Information Security Officer
Secure Product Development
Secure Product Development
HCLSoftware adheres to stringent development processes to produce the code we develop and provide both our commercial and government customers. The development models (standard release or continuous delivery) covers the full development cycle including key practices around …
- Requirements Management
- All aspects of Architecture and Design
- Secure Engineering Practices
- Risk Management
- Threat modelling
- Code scanning
- Coding and Coding standards
- Review and test methods at all stages
- Defect Management
All Development practices incorporate change control and are the key criteria assessed at release approval stage
Secure Product Support
Secure Product Support
Our Product Support teams protect our customer data and information by collecting only vital information, limiting access to customer contact information and case data to only those who are actively working to troubleshoot the reported problem, and encrypting customer sensitive information making it unreadable to anyone other than the intended party. Our data protection policy includes:
- Collecting only vital company and contact information.
- Communicating customer information and data via HTTPS and Transport Layer Security (TLS) protocols.
- Sending diagnostic data via SFTP or HTTPS using TLS protocols and encrypting stored data using the AES algorithm.
Get in touch
Our valued clients can rest assured that we keep security foremost in our minds as we develop, test and deliver effective software solutions. For more information contact us or explore our product portfolio.
Explore Security Solutions for Your Business
Endpoint Management Platform
HCL BigFix is the only endpoint management platform that enables IT Operations and Security teams to fully automate discovery, management and remediation – whether its on-premise, virtual, or cloud – regardless of operating system, location or connectivity.
Application Security Testing
HCL AppScan delivers best-in-class application security testing tools to ensure your business, and your customers, are not vulnerable to attacks.
