HDR strives to consistently provide professional services that satisfy our clients and comply with our global obligations. Global privacy requirements are complex and change rapidly. Regardless of the complexity, we recognize that protecting personal data is a shared responsibility important to organizational success.
HDR has implemented an enterprise-wide Personal Data Protection Policy defining how we aim to protect personal data through privacy principles, technical and organizational safeguards, and oversight. We also publish Individual Privacy Notices to ensure transparency for global employees.
To further this protection, HDR's global Information Systems Security Policy governs both employee and contractor acceptable use of Information Systems. We have implemented certain security controls and processes that are consistent with key government and industry data protection regulations and standards. Among them are controls and processes relating to various global requirements and standards, including without limitation GDPR, ISA/IEC, and NIST. Audit findings are used to address identified gaps and implement improvements to our policies and best practices.
We have appointed a Data Protection Officer and we train employees at hire and annually to promote awareness and consistency. We encourage our employees to focus on continual improvement opportunities through their daily activities and workflows to achieve our objectives of client satisfaction and sustain long‐term company performance.