Data Security & Privacy at 247HRM
At 247HRM, our commitment to securing your data is paramount. We employ a multi-layered approach to ensure your information remains protected at every stage—whether at rest, during transit, or through our processing workflows. Our infrastructure and processes are designed to meet and exceed industry standards, ensuring robust data security and privacy.
Certifications & Compliance
247HRM is certified under ISO 9001:2015, ISO 27001:2022, and ISO 27701:2019. These certifications reflect our adherence to globally recognized standards for quality management, information security, and data privacy, reinforcing our commitment to maintaining the highest levels of security and operational excellence.
Incorporating ISO Standards into Our Daily Culture
To ensure that ISO certifications are deeply embedded in our daily operations, we have implemented the following key practices:
- Regular Training & Awareness: All employees participate in ongoing training to stay informed about ISO standards and security best practices, ensuring that everyone understands their role in maintaining compliance.
- Routine Audits & Continuous Improvement: We conduct regular audits and reviews of our security practices, making necessary updates and improvements to ensure that we not only meet but exceed ISO requirements.
Advanced Security Measures
- Enterprise Endpoint Antivirus, Firewall, and Antimalware Protection:
We employ a leading enterprise-grade endpoint security system that offers comprehensive protection, including antivirus, firewall, and antimalware defence. This ensures that all endpoints are protected from the latest threats in real time, providing a secure environment across our entire infrastructure.
- Firewall & DDoS Protection:
We utilize AWS GuardDuty for our firewall solutions, while AWS Shield protects our infrastructure against DDoS attacks, ensuring your data remains secure and accessible.
- Zero-Trust VPN with Multi-Factor Authentication (MFA):
Access to critical assets is governed by a zero-trust policy, enforced through a secure VPN that requires MFA. This reduces the risk of unauthorized access by ensuring only authorized personnel can access sensitive data.
- Vulnerability Assessment and Penetration Testing (VAPT):
While VAPT is conducted periodically to identify potential vulnerabilities, our primary focus remains on preventive measures through robust infrastructure, continuous monitoring, and adherence to best practices.
Infrastructure & Data Residency
- AWS Hosting:
Our primary infrastructure is hosted on AWS in Mumbai, with a backup environment in AWS Hyderabad. Leveraging AWS’s world-class infrastructure is a cornerstone of our security strategy. AWS is renowned for its robust security practices and compliance with international standards. By hosting on AWS, we inherit their state-of-the-art security features and extensive certifications, which include:
- ISO 27001: Information Security Management
- ISO 9001: Quality Management
- ISO 27701: Privacy Information Management
- SOC 1, SOC 2, and SOC 3: System and Organization Controls reports for managing data securely
- ISO 27017: Security Controls for Cloud Services
- ISO 27018: Protection of Personally Identifiable Information (PII) in the Cloud
- PCI DSS Level 1: Payment Card Industry Data Security Standard
These certifications ensure that our infrastructure meets stringent security and compliance requirements, particularly in managing sensitive HR and personal data.
- AWS Datacentre Security:
AWS datacentres are among the most secure facilities in the world, employing cutting-edge physical and digital security measures. These include:
- Physical Security: Strict access controls, including biometric scanning, video surveillance, and 24/7 on-site security personnel, ensure that unauthorized access is nearly impossible.
- Redundancy & Resilience: AWS datacentres are designed with multiple layers of redundancy for power, networking, and connectivity, ensuring maximum uptime and resilience against potential disruptions.
- Environmental Controls: Advanced climate and temperature control systems, fire detection, and suppression systems are in place to protect hardware from physical threats.
- Data Residency:
All data resides within India, complying with local regulations. Exceptions include our Social features, Geo tagging, and upcoming AI features, which may utilize global services for enhanced functionality.
- Backup & Disaster Recovery:
Our backup environment in AWS Hyderabad ensures minimal disruption to services, guaranteeing that your data remains safe and accessible even in unexpected events.
Data Security at Rest & During Transit
- Data Encryption:
We use industry-standard AES-256 encryption to protect data at rest. For data in transit, we employ TLS (Transport Layer Security), ensuring that all communications between your browser and our servers are encrypted with 256-bit encryption. This ensures that even if data is intercepted, it remains unreadable and secure.
- Privacy Protection:
With ISO 27701:2019 certification, we have implemented a Privacy Information Management System (PIMS) to ensure your data privacy is protected in line with global best practices. We follow stringent privacy protection protocols to ensure that your data is accessed only by authorized individuals and used only for its intended purposes. Our processes are designed to comply with data protection regulations, including GDPR.
SSL Certificates & HTTPS/TLS: Ensuring Secure Communication
- SSL Certificates:
SSL (Secure Sockets Layer) certificates authenticate the identity of our website and establish an encrypted connection between your browser and our servers. We use Extended Validation (EV) SSL certificates to provide the highest level of authentication. This ensures that all data transmitted between you and our servers is encrypted with 256-bit encryption, preventing unauthorized access.
- HTTPS and TLS:
We utilize HTTPS (Hypertext Transfer Protocol Secure) to secure all data communications over the internet. By using TLS (Transport Layer Security), we ensure that data in transit is protected from eavesdropping, tampering, and message forgery.
- Strong Encryption: We employ 256-bit encryption for all data in transit, providing a high level of security that meets industry standards.
How AWS Enhances Our Security
- Inherited Certifications:
By hosting our infrastructure on AWS, we automatically inherit AWS’s extensive compliance certifications, including ISO 27001, ISO 27701, SOC 1/2/3, GDPR, ISO 27017, ISO 27018, and PCI DSS Level 1. This ensures that our customers benefit from the same high standards that AWS employs globally.
- Data Privacy & Security:
AWS provides state-of-the-art security features like AWS Shield, AWS WAF, and AWS Key Management Service (KMS), which we leverage to protect your data. These tools allow us to offer enhanced security, ensuring that your information is protected from unauthorized access and cyber threats.
- Scalability & Reliability:
AWS’s scalable infrastructure allows us to grow with your needs without compromising on security. Their reliable network guarantees uptime and availability, ensuring that your HR processes are always running smoothly.
Commitment to Data Privacy
At 247HRM, protecting your data is not just about compliance—it’s about trust. We continuously invest in the latest technologies and best practices to ensure that your data is handled with the utmost care and confidentiality. Our processes are designed to be transparent, secure, and in full compliance with both local and international data protection laws.
We are committed to safeguarding your data and maintaining the privacy of your employees’ information. Whether through our advanced security measures, robust infrastructure, or adherence to global standards, 247HRM is your trusted partner in data security and privacy.