Howwe Technologies is committed to adhering to best practices in compliance, ensuring alignment with applicable laws, regulations, and industry standards. While Howwe is not formally certified, our operations and internal processes are designed to meet the principles and requirements outlined in leading frameworks such as GDPR, ISO 27001, and SOC 2. This approach minimizes risk, enhances trust, and ensures operational excellence.
1. Compliance Framework
Level 1: External Compliance
Howwe ensures adherence to external regulations, including data protection laws (e.g., GDPR, CCPA) and industry frameworks, even though formal certifications are not currently held.
Level 2: Internal Compliance
Internal policies and processes are structured to align with external requirements. This includes documented procedures, training, and internal audits to meet the expectations of established standards.
2. Policy Management and Review
Proactive Updates
Policies are reviewed and updated annually during Q4 and as needed to address regulatory changes or evolving business requirements.
Policies are designed to reflect adherence to frameworks such as ISO 27001 (Information Security Management) and SOC 2 (Trust Service Criteria).
Review Process
Registration and Tracking: Policies are maintained in a centralized repository with designated owners.
Evaluation: Updates are assessed for compliance impact and alignment with industry best practices.
Approval: Changes are approved by designated leadership (e.g., CFO, CPO).
3. Change Management Policy
The change management process ensures that updates to policies, systems, or operational processes are implemented in a controlled and documented manner.
Core Steps
Logging: Every change is registered with details on scope and stakeholders.
Impact Analysis: Changes are evaluated for risks to IT environments, compliance, and business continuity.
Testing: Updates are tested in isolated environments to validate functionality and minimize disruption.
Documentation: Comprehensive records are maintained for audit and review purposes.
Deployment: Changes are implemented with monitoring mechanisms and restoration plans in place.
4. Policy Status Tracking
To ensure visibility and accountability, each policy is assigned a status:
Green: Reviewed and up to date.
Yellow: Requires further clarification or review.
Red: Pending review or identified as non-compliant.
5. Compliance Practices
Adherence to Standards
While not formally certified, Howwe operates in alignment with the following frameworks and practices:
GDPR Principles: Data minimization, transparency, and user rights are foundational to our processes.
ISO 27001 Standards: Internal policies reflect the guidelines for information security management.
SOC 2 Principles: Security, availability, and confidentiality practices are integrated into system design.
Security Measures
Encryption: AES-256 for data at rest; TLS 1.3 for data in transit.
Access Controls: Role-based access control (RBAC) limits data access to authorized personnel.
Incident Response: Documented plans ensure timely detection, escalation, and resolution of security incidents.
6. External Sources and Applicable Laws
Legal and Regulatory References
General Data Protection Regulation (GDPR)
https://ec.europa.eu/info/law/law-topic/data-protection/data-protection-eu_en
California Consumer Privacy Act (CCPA)
https://oag.ca.gov/privacy/ccpa
Frameworks and Standards
ISO 27001 (Information Security)
https://www.iso.org/isoiec-27001-information-security.html
NIST Cybersecurity Framework
https://www.nist.gov/cyberframework
While Howwe does not hold formal certifications, our practices are modeled on the requirements of these frameworks, providing assurance to customers and stakeholders.
7. Revision and Accountability
Revision Schedule
Policies are revised at least once annually or more frequently as regulations and business needs evolve.
Accountable Team Members
Stina Åkesson: Vice President, Chief Financial Officer (CFO/COO)
Johan Grönstedt: Vice President, Chief Product Officer (CPO)
8. Continuous Improvement
Feedback Integration: Policies are refined based on input from employees, customers, and audit findings.
Regular Audits: Internal reviews ensure policies remain effective and aligned with external requirements.
Employee Training: Regular sessions educate staff on compliance updates and expectations.
9. Contact Information
For questions or suggestions about our compliance practices, contact us at:
Email: [email protected]