SECURITY & SAFETY
Security at Harmoney
Your security and privacy are our highest priority. Learn more below about how we protect your data and our services.
The security of your personal data is central to everything we do at Harmoney. We have put in place appropriate technical and operational measures to ensure the confidentiality, availability and integrity of your personal data at all times. Below is an overview of our approach to security at Harmoney. We're constantly improving our services and processes to protect your data and will update this page accordingly.
Security Compliance
Powered by AMARU
Harmoney is currently SOC 2 Type 1 compliant. Harmoney was assessed independently and has achieved compliance with the following trust principles: Security, Availability and Confidentiality.
Application Security
Software Development Lifecycle (SDLC)
Harmoney maintains documented SDLC policies and procedures to guide employees in documenting and implementing application and infrastructure changes. This includes secure development training, vulnerability scanning, code reviews as well as automated and manual testing.
Web Application and Network Firewalls
Web application and network firewalls are in place to protect the Harmoney application from attacks that may compromise the availability of the service. Harmoney also has multiple monitoring systems and alerts in place to detect and manage threats.
Two-factor Authentication
Two-factor authentication is required for all users in Harmoney.
Data Security
Hosting Provider
Harmoney uses Google Cloud (GCP) for cloud hosting. GCP is an industry leader and provides a highly scalable cloud computing platform with end-to-end security and privacy features built-in. GCP maintains SOC 2 and ISO 27001 certifications, among others.
The Harmoney application and its data are hosted by GCP within the Australian region.
Encryption
Harmoney has implemented an encryption policy that conforms to international encryption standards such as Transport Layer Security (TLS) and Advanced Encryption Standard (AES). Encryption keys and certificates are centrally managed and protected via secure management systems.
Data is encrypted both in transit and at rest. Customer passwords are hashed and salted; the salting applied is unique and random.
Compliance
Harmoney complies with the data compliance requirements in locations where we operate. See our Privacy Notice for the full registry.
Operational security
Access Controls
Harmoney uses a role-based access control (RBAC) system and follows the principle of least privilege when granting employees access to systems. User access to systems is reviewed on a quarterly basis.
Business Continuity and Disaster Recovery
Harmoney has documented business continuity (BCP) and disaster recovery (DRP) plans that define procedures for managing and recovering from significant events that could affect our ability to provide the service. These plans are tested and reviewed annually.
Incident Response Policy
An incident management policy and process are in place to guide employees in reporting and responding to information technology incidents. Processes exist to identify, report and act upon system security and data breaches as well as other serious incidents.
Maintaining Security
Responsible Disclosure Policy
Harmoney supports the responsible disclosure of security vulnerabilities, as it is one of our top priorities to protect the privacy of our customers' data.
We ask that if external parties find any sensitive information, potential vulnerabilities and/or weaknesses, they please help by disclosing them to us in a responsible manner at security@harmoney.co.nz.
Penetration Testing
Harmoney uses third-party penetration testing firms to test our application annually. Our penetration testing provider is CREST-certified.
Internal and External Audits
Harmoney carries out internal security checks on a quarterly basis. These checks include backup restoration tests, user access/endpoint protection reviews, password/key rotation, vulnerability scanning and security patching.
In order to maintain our SOC 2 compliance, we also undergo yearly external audits.
General tips to avoid scams
As you navigate the digital landscape, it's crucial to remain vigilant against online advertising scams. These deceptive practices can jeopardize your financial security and compromise your personal information. Here are some essential tips to safeguard yourself:
- Verify the Credibility: Before engaging with any online advertisement, verify the legitimacy of the company. Look for reviews, ratings, and testimonials from reliable sources. Check if the company is registered and authorised to provide financial services.
- Beware of Unrealistic Offers: If an advertisement promises unrealistically low interest rates or guaranteed approval regardless of credit history, proceed with caution. Scammers often lure victims with enticing offers that seem too good to be true.
- Research the Company: Conduct thorough research on the company advertising the loan. Visit their official website, review their terms and conditions, and verify their contact information. A reputable company will have transparent policies and clear communication channels.
- Protect Your Personal Information: Be cautious when sharing personal or financial information online. Legitimate lenders will never ask for sensitive details, such as banking credentials, via unsolicited emails or advertisements.
- Watch for Red Flags: Pay attention to warning signs such as poor grammar, spelling errors, or inconsistent branding in advertisements. Legitimate financial institutions maintain professional communication standards, while scammers often exhibit sloppy or inconsistent messaging.
- Seek Recommendations: Consult friends, family, or financial advisors for recommendations on reputable lending institutions. Personal referrals can provide valuable insights and help you avoid falling victim to fraudulent schemes.
- Report Suspicious Activity: If you encounter a suspicious advertisement or believe you've been targeted by a scam, report it to the appropriate authorities immediately. By reporting fraudulent activity, you help protect yourself and others from becoming victims.
At Harmoney, we prioritise the financial well-being of our customers and are committed to providing transparent and secure lending solutions. Stay informed, stay vigilant, and together, we can combat online advertising scams and safeguard your financial future.