The HReasily management is committed to the continual improvement of the information security of the organisation. Our practices follow industry-set baselines and best practices. We are also moving into integrating ISO 27001:2013 controls into our information security processes.
The HReasily application is an all-cloud HR management SaaS platform available in both web and mobile formats (iOS and Android). Our services are built on a fully cloud infrastructure provided by AWS within the Singapore region using both multi-tenancy and multi-instance approaches. We employ redundancy measures to ensure high availability across our platforms.
2FA adds an additional layer of security when users login to our application. We use One-time passwords (OTP) as a second factor. Our OTPs are unique codes that are valid for a single login session for a defined period of time.
Employee data can only be accessed by an assigned administrator with specific roles. More information here.
Data from users to our services are over a secure HTTP connection (HTTPS) and encrypted end-to-end using SHA256 ECDSA for signing and SHA256 RSA for compatibility. We only allow HTTPS connections from visitors supporting TLS v1.2 and above. These protocols offer modern authenticated encryption (also known as AEAD) for added security.
We follow the recommended cryptographic functions stipulated by NIST in Special Publication 800-175B. Data repositories that hold or manage sensitive commercial or personal information are encrypted at rest using AES-256. Full disk encryption is also mandatory for all employee laptops and workstations.
We retain data for as long as necessary to fulfil the purposes for which we collected it. This also includes satisfying any legal, accounting, or reporting requirements, to establish or defend legal claims, or for fraud prevention purposes.
If you terminate or cancel your subscription with us, you can request for a deletion of your account. However, your data from backups and logs will be retained according to our data retention policies.
You may request a copy of your data, but this should be made before requesting for the deletion of your account.
The data processing agreement (DPA) is our
All integrations are accomplished using oAuth v2.0. Tokens or any customer-identifying information are not exposed within our applications nor shared with other parties. Each request is protected in transit through HTTPS.
The most recent and critical security patches are installed on the system as soon as practical and reasonable. Immediate application of security patches is ideal unless this interferes with business requirements where a reasonable expectation of delay is justified. Regular preventive maintenance (security and/or system patches) is carried out.
End-point protection is another layer of security protection for our company assets (data and resources) against malicious attacks, ransomware and viruses. All end-points that are connected to internal networks via remote access technologies or personal workstations (BYOD) that access company resources use the most up-to-date anti-virus software.
We adopt the best of agile practices and we continue to improve the way we work by constantly reviewing the way we work. Workflows are almost clearly outlined and followed by every member of the Engineering Team and reviewed for improvements.
In an Agile environment, the Engineering, Product and Quality Assurance Team, work collaboratively to make improvements on an ongoing basis. We embrace a shared responsibility in ensuring we deliver a high-quality end product and service. We minimize the risk of defects while maximizing end-user experience by incorporating software and quality assurance testing throughout our entire engineering process. Our testing methods utilise both manual and automated processes.