Given the nature of the data you entrust to us, we have selected and audited our partner and sub-contractor Officient in order to be able to offer you the necessary guarantees in terms of security and privacy.
Officient manages user data via Amazon Web Services (AWS). All data is automatically backed up and stored redundantly. The server and network structure remains accessible even when hardware issues arise. We maintain an uptime of 99.9%. Hence we can assure a quality service on a continuous basis.
Since data privacy is of crucial importance, all our data is stored within the EU: all your data (incl. backups) is stored only in Ireland. AWS conforms entirely with the EU legislation for data protection (GDPR).
Appropriate security measures are taken such as:
- Encryption, a type of security that is also adopted in the financial sector, is used for all Officient accounts. This encryption is used for external as well as internal connections, and ensures that sensitive information can never be sent or received as readable text. Thanks to this sophisticated security system, the data of different customers remains separated at all times. The Officient environment is, hence, highly secured.
- Security by design practices
- The development team validates its developments against "OWASP Top 10" best practices.
- An active bug bounty program is run on the Officient platform, via an ethical hacker provider
- An advanced intrusion detection system and runtime application self-protection (RASP) are active on the platform
- All access is role-based by default
- Authentication with two-factor authentication (2FA) is supported by default
- Strong brute-force protection on all authentication endpoints, supplied by Auth0
- GDPR compliance by design
- Logging mechanisms are in place on each feature (e.g. wages, addresses, …)
- Auth0 as a service provider for authentication: Identity and Access are fully managed through Auth0 as service provider (IAM)
- Release process is highly structured and secured