Framework hub
MVSP
MVSP Working Group
Minimum Viable Secure Product — minimal security checklist for B2B software and BPO suppliers.
HLD Group maintains policies and controls mapped to this framework as part of our security and compliance programme. This hub describes programme alignment — not a third-party certification or attestation unless separately agreed in your contract.
Programme focus areas
- Baseline controls
- Supplier security
- Vulnerability disclosure
Policies meeting this framework
The following published policies and programme documents are mapped to MVSP. Status: published and under periodic review.
- Information security policyPublished
Enterprise information security programme and control framework.
v3.0 · review every 365 days
- Acceptable use policyPublished
Permitted and prohibited use of company systems, devices, and data.
v2.0 · review every 365 days
- Responsible disclosurePublished
How security researchers report vulnerabilities safely.
v1.2 · review every 365 days
- Vendor & third-party risk policyPublished
Assessment and ongoing management of suppliers and subprocessors.
v1.4 · review every 365 days
- Incident response planPublished
Detecting, responding to, and recovering from security incidents.
v3.0 · review every 180 days
Assurance note
Programme alignment means HLD maintains controls, policies, and monitoring mapped to MVSP requirements appropriate to our services and risk profile. It does not by itself constitute certification, authorization, or a SOC/ISO audit report. Customers requiring formal attestations should contact [email protected].