Policy

•  Policy: All individuals involved in HRSC consulting services, including consultants and subcontractors, sign strict confidentiality and non-
  disclosure agreements (NDAs). Enhanced security verification is required for consultants.
• Practice: o Scope of confidentiality is clearly outlined in NDA agreements,covering all data and information exchanged.
• o Data is permanently deleted after the consulting work is completed.
• o Work is conducted on Canadian cloud servers.

 HRSC implements robust security measures to protect personal data from unauthorized access, alteration, or disclosure. This includes both technical safeguards and organizational policies.

The HRSC website uses cookies and similar technologies to collect data on website usage to enhance user experience and services. Users can manage or disable cookies through their browser settings.

The privacy policy may be updated periodically. Changes will be communicated via the website. Clients are encouraged to review the
policy regularly.

HRSC ensures that its affiliates and subcontractors who have access to client data implement appropriate administrative, physical, logical, and
technical security measures, including disaster recovery procedures, to protect data.

Client data is logically and physically segregated from other client data and services, ensuring that it remains separate from HRSC’s and other
clients’ information.

All client data is encrypted at all times, including during storage, processing, and transmission.clients’ information.

HRSC personnel complete annual security and privacy training and maintain current knowledge of applicable threats and countermeasures.
Evidence of training completion is provided upon request.

HRSC and its subcontractors perform comprehensive security and background checks on personnel, including identity verification, credit
checks, criminal record checks, verification of qualifications, and character references.Evidence of training completion is provided upon request.

HRSC has a Security Incident Response Plan to address and recover from security incidents. This plan includes internal processes, goals, roles,
responsibilities, communication protocols, remediation requirements, documentation, and annual testing.