Security Essentials

An Overview

Security Essentials

And Overview

ISO 27001 Certification:
Your Data, Our Priority

At HReasily, protecting your data is at the heart of everything we do. We are proud to have achieved ISO/IEC 27001:2022 certification, reflecting our unwavering commitment to security. We utilize the same level of encryption standards and industry-leading technology that banks rely on to ensure the safety and integrity of your HR data. This certification underscores our dedication to maintaining the highest security standards across all our services.

For more information, or to verify our certification:

Data handling

Our Privacy Policy (https://app.hreasily.com/privacy-policy)
contains how we handle your personal and company information.

Data Protection Officer

We have an appointed Data Protection Officer to oversee our ongoing privacy and compliance efforts. Contact our Data Protection Officer at [email protected].

Responsible disclosure

A publicly-available page that outlines how independent security researchers, who understand the severity of the risk, can disclose security vulnerabilities found on our products and services. Our responsible disclosure page is located here.

SaaS Platform

The HReasily application is an all-cloud HR management SaaS platform available in both web and mobile formats (iOS and Android). Our services are built on a fully cloud infrastructure provided by AWS within the Singapore region using both multi-tenancy and multi-instance approaches. We employ redundancy measures to ensure high availability across our platforms.

2-Factor Authentication (2FA)

2FA adds an additional layer of security when users login to our application. We use One-time passwords (OTP) as a second factor. Our OTPs are unique codes that are valid for a single login session for a defined period of time.

Role-based Access Control

Employee data can only be accessed by an assigned administrator with specific roles. More information here

Data Handling

Data in transit

Data from users to our services are over a secure HTTP connection (HTTPS) and encrypted end-to-end using SHA256 ECDSA for signing and SHA256 RSA for compatibility. We only allow HTTPS connections from visitors supporting TLS v1.2 and above. These protocols offer modern authenticated encryption (also known as AEAD) for added security.

Data at rest

We follow the recommended cryptographic functions stipulated by NIST in Special Publication 800-175B. Data repositories that hold or manage sensitive commercial or personal information are encrypted at rest using AES-256. Full disk encryption is also mandatory for all employee laptops and workstations.

Data retention

We retain data for as long as necessary to fulfil the purposes for which we collected it. This also includes satisfying any legal, accounting, or reporting requirements, to establish or defend legal claims, or for fraud prevention purposes.

What happens to your data if you leave HReasily?

If you terminate or cancel your subscription with us, you can request for a deletion of your account. However, your data from backups and logs will be retained according to our data retention policies.

You may request a copy of your data, but this should be made before requesting for the deletion of your account.

Data Processing Agreement (DPA)

The data processing agreement (DPA) is our
Privacy Policy
and Terms and Conditions.

Integrations

All integrations are accomplished using oAuth v2.0. Tokens or any customer-identifying information are not exposed within our applications nor shared with other parties. Each request is protected in transit through HTTPS.

Vulnerability Management

Preventive maintenance

The most recent and critical security patches are installed on the system as soon as practical and reasonable. Immediate application of security patches is ideal unless this interferes with business requirements where a reasonable expectation of delay is justified. Regular preventive maintenance (security and/or system patches) is carried out.

End-point protection

End-point protection is another layer of security protection for our company assets (data and resources) against malicious attacks, ransomware and viruses. All end-points that are connected to internal networks via remote access technologies or personal workstations (BYOD) that access company resources use the most up-to-date anti-virus software.

Our Workflows: The Agile Environment

Software development

We adopt the best of agile practices and we continue to improve the way we work by constantly reviewing the way we work. Workflows are almost clearly outlined and followed by every member of the Engineering Team and reviewed for improvements.

Software testing

In an Agile environment, the Engineering, Product and Quality Assurance Team, work collaboratively to make improvements on an ongoing basis. We embrace a shared responsibility in ensuring we deliver a high-quality end product and service. We minimize the risk of defects while maximizing end-user experience by incorporating software and quality assurance testing throughout our entire engineering process. Our testing methods utilise both manual and automated processes.