Skip to main content
Skip table of contents


Harbr’s information security strategy is based around the core NIST principles of Identify, Protect, Detect, Respond, and Recover.


We run a comprehensive vulnerability identification program, which starts with identifying our assets and then deploying tooling to scan for vulnerabilities. This happens across the product development lifecycle, from threat modeling at the early stages, through to penetration testing of the resulting product. A similarly robust process is used for our internal business operations, as well as identifying and risk assessing our suppliers.


Harbr takes a defense in depth approach to security, applying robust and proportionate technical safeguards, as well as policies and procedures that are backed by audit and our ISO27001 certification. We also have a security awareness program for all employees, and completion of this is required in order to maintain access to any systems.


We have a centralized Security Incident and Event Monitoring platform that collates logs from all systems, including our identity and access platform, which is at the heart of our defensive capability. Security monitoring is conducted in as near to real time as possible and we use machine learning to discover anomalies that need investigation.


Our incident response capability is focused on minimizing the impact of any discovered breaches or vulnerabilities. Any Harbr employee and any customer is able to raise a security incident, which is immediately triaged to drive an appropriate response. We regularly test and refine this process.


Recovery from an information security incident is built into our business continuity and disaster recovery planning, and we continually refine and improve these processes.

Read more about our security posture here.

Security whitepaper March 22.pdf

JavaScript errors detected

Please note, these errors can depend on your browser setup.

If this problem persists, please contact our support.