At Hiab, we keep everyday life moving. As we lead the industry toward a future of autonomous equipment and connected logistics, digital security is a fundamental safety promise. To us Cyber & Information Security is the backbone of our pioneering spirit, ensuring that as our solutions become smarter, they remain as reliable and secure as the physical steel of our cranes.
The future of load handling is defined by digital integration. As we pioneer intelligent services and connected equipment, we ensure that the physical safety of our machinery is matched by the integrity of our digital ecosystems. For us, security is a core business enabler, ensuring that as global operations become smarter, they also become more resilient.
At Hiab, our investment in cyber and information security is an investment in the long-term success of our customers. By combining certified management systems with a culture of proactive vigilance, we ensure that Hiab remains a trusted partner in an increasingly connected world.
Certified vendor that helps you mitigate risks
At Hiab, we recognize that our commitment to securely managing information assets directly translates into reduced risk for our customers, partners, and stakeholders.
Hiab’s dedication to safeguarding business-critical applications and customer data is evidenced by our ISO 27001 certification for information security management systems (ISMS). This internationally recognized benchmark is more than an achievement; it is a recognition of our ongoing dedication to security compliance and continuous improvement. For our partners, this certification serves as a testament to our work in cyber resilience, providing a verified foundation of trust.
An information security certification demonstrates not only our current strength but our commitment to future development. Our ISMS is designed to be "future-proof"—capable of adapting to new requirements, evolving regulations, and shifts in the global operating environment. It ensures the confidentiality, integrity, and availability of sensitive information by identifying and mitigating risks before they can impact your operations.
Holistic, scalable approach
Defining the right scope for security is key to effective risk management. At Hiab, our ISMS covers our company-wide governance framework and critical centrally managed systems, providing a wide-reaching umbrella of protection. This scope serves as a strong starting point, allowing us to expand and refine our security coverage as technology evolves.
The implementation of our security standards is a cross-organizational effort. By building upon solid information security practices, we have fostered an internal culture of awareness and vigilance. For our customers, this means that every interaction with Hiab is backed by a professional, audited, and world-class approach to information security.
Reporting vulnerabilities and incidents
Hiab recognizes that the expertise of the security research community is vital to the ongoing safety and resilience of the global load-handling industry. We value the proactive efforts of those who help identify potential risks, as this collaboration strengthens the digital foundation upon which our customers rely. We are committed to fostering an open, transparent partnership with the security community.
Scope of vulnerability disclosure
We accept vulnerability disclosure reports for the following:
- Digital Channels: Our web presence, public-facing applications, and customer portals.
- Products & Solutions: Software, firmware, telematics, and connectivity interfaces integrated into our physical load-handling equipment and control systems.
How to report a vulnerability
To ensure your report is processed efficiently and securely, please follow the protocol below:
- Submission Method: Send an email to psirt@hiab.com.
What to include in your report:
- Description: A detailed summary of the vulnerability.
- Target details: The specific product, firmware version, hardware model, or URL affected.
- Proof of Concept (PoC): Clear, step-by-step instructions or scripts to reproduce the issue.
- Impact assessment: The potential risk to the equipment, data, or operational safety and state whether the vulnerability is actively being exploited, if known.
- Environment: Details about the setup or tools used during your discovery.
- Your contact information: Name (optional), email address
Hiab's PSIRT team follows a coordinated vulnerability disclosure process to ensure every report is handled consistently and professionally. We will acknowledge receipt of your report within 5 business days and contact you for further information if needed.
Rules of Engagement
To encourage a responsible disclosure, Hiab commits not to pursue legal action against researchers who act in good faith and who:
- Make a reasonable effort to avoid privacy violations, degradation of the user or customer experience, and disruption to Hiab's business or load-handling operations
- Do not access, modify, or delete customer data, and do not perform "Denial of Service" attacks
- Give Hiab a reasonable amount of time to resolve the issue before disclosing it publicly.
By taking part in this coordinated process, you help us uphold our commitment to operational excellence. Together, we protect the connectivity and intelligence that move the world.