ENSURING DATA SECURITY IS OUR FOREMOST CONCERN

Our suite of solutions is fortified with a comprehensive security strategy. This includes various technical measures and adherence to recognized data protection standards, all aimed at safeguarding the integrity of your data.

User Access Control
Limit access to specific data with complex password rules and two-factor authentication.

Event and Audit Trails
Sequential records of system history and computer events.

Secure Hosting
Includes 24×7 live guards, CCTV, UPS generators, fiber connections from multiple providers, and multi-factor access control with biometrics.

Data Encryption
Secure data transmission with SSL/TLS encryption.

Disaster Recovery
Disaster recovery plan in the event of any business disruptions:
  • 1-hour Recovery Point Objective
  • 4-hour Recovery Time Objective

Redundancy
Multiple pathways to minimize downtime and keep services running in the event of any failures.

SECURITY WITHIN THE APPLICATION

Workplaze’s application security is meticulously managed by setting up user group permissions, allowing independent access to functions and data with detailed access control.

Control Over Function Access

Users’ access can be configured to provide specific permissions like reading, updating, adding, or deleting functions, with options for creating more nuanced control levels.

Management of Data Access

Access to specific data types is restricted, for instance, enabling a manager to view only the salary details of their direct reports, while allowing broader access to schedules across various departments. These restrictions can be aligned with people, positions, relationships, or customized criteria.

Authentication for users is established through the issuance of an encrypted cookie to their device. This cookie holds an encrypted token that is uniquely associated with their device.

  • It restricts access to a single device at a time.
  • The cookie is set to expire after a pre-determined, adjustable duration.
  • The system continuously checks the user’s authenticity with every transaction.

In the application’s design, all user access is channeled through a unified authentication route. Meanwhile, file transfers for the interface are segregated into a distinct quarantine area prior to processing.

– User / Password –
Standard Application Security

– Pin Token –
Pin Number Authorization

– Multifactor Authentication –
Google Authentication, Email, Mobile Apps

– SSO –
SAML 2.0, OAUTH 2.0, ADFS, Azure AD

Function / Feature Access Right

Data Authentication Right

Action Access Right

Workflow Approval Right

Password Hash Function: SHA256 With Obfuscator Key (Unique)

File Encryption: PGP Encryption

Database Encryption: RSA Key

Secure Channel: sFTP

The application’s access is governed by various security measures, including NIST SP 180-118 password regulations, expiration protocols, device restrictions, and more. Passwords are centralized in a single encrypted database using a one-way hash, ensuring they are irretrievable. To maintain password security, a range of customizable rules are in place, such as:

  • Mandatory password complexity standards.
  • Regular password changes without the possibility of reusing old passwords.
  • User and IP blocking after multiple unsuccessful login attempts.

Workplaze maintains comprehensive audit trails and event logs for all transactions, an integral part of the application’s framework that is non-negotiable. These logs detail access and usage, including data types, timestamps of changes, user identity, and both the previous and updated data.

DATA PROTECTION

Data encryption is pivotal in protecting data from unauthorized access and interception. SunFish employs various layers of data encryption to ensure security:

  • SSL 256-bit encryption safeguards data during internet transmission;
  • Sensitive database fields are encrypted to secure confidential information;
  • Encryption is also applied to data backups for additional security;
  • An optional VPN connection requirement is available for server access.

Data At Rest

-File Encryption-
Files are stored on a secure file server

-Database Encryption-
Confidential data like payroll is encrypted with AES256 and Unique

Database backup file is encrypted with RSA key

Data In Transit

-File Encryption-
PGP encryption (RSA2048)

-Data Transmission-
Web traffic is transmitted over Secure Sockets Layer (SSL), using only strong security protocols (Transport Layer Security, TLS)

Data In Use

-Application Authentication-
User / Password, Biometric, Multifactor, Single Sign On, Pin Token

-Application Authorization-
Role-based access rights control all functions, data, and actions

Vigilant Security Measures and Breach Prevention Tactics

We conduct thorough monitoring of security protocols, carry out internal vulnerability assessments, and engage in both internal and external penetration testing, including white and black box methods, alongside reviews of our security policies by third parties.

Humanica implements both an Intrusion Prevention System (IPS) and Intrusion Detection System (IDS), designed to identify and block a wide array of security threats, covering and exceeding the top 10 OWASP vulnerabilities. Recorded security incidents by these systems are scrutinized daily. The rules and configurations for both the IPS and IDS are regularly revised to maintain cutting-edge protection.

Continual system fortification is a key part of our approach, including regular procedure evaluations. This encompasses the monitoring of intrusion attempts and the timely adjustment of firewall rules, port configurations, and the application of necessary updates and patches.

Robust and Reliable Infrastructure

Ensuring High Availability with Enhanced Security

Access to data within our infrastructure is tightly controlled through multiple defensive layers, including firewalls and Intrusion Prevention Systems (IPS). To reach the core data storage, one must navigate through several subnet layers, each distinctly segmented and uniquely secured. We have invested significantly in eliminating any single point of failure and in reinforcing resilience against multiple failure points, especially in more vulnerable components.

All Humanica data centers are categorized as tier 3 facilities, featuring round-the-clock physical surveillance, with entry restricted to a limited number of authorized personnel. Humanica has established fully redundant backup systems for disaster recovery in other data centers, equipped with readily available warm failover systems.

Compliance

Our development and hosting infrastructure teams are subject to biannual procedural audits as part of our commitment to the ISO 9001:2015 certification, conducted by Lloyd’s Register Quality Assurance. Additionally, we maintain compliance with the ISO 27001:2013 Information Security Management System, undergoing annual audits by the British Standard Institution certification body.
