Confidentiality & Security

Employee relations and HR data is your organization's most sensitive information. That's why we've built our product with the highest level of confidentiality and security for your employee relations and workplace investigations information.

Protecting Your Information the Right Way

Data Center Security

The security of your data is our top priority. HR Acuity's servers are hosted in geographically distributed Tier IV Microsoft Azure data centers that comply with SSAE-16 and ISO 27001 standards.

Application Security

Security processes are an integral part of our application development cycle, ensuring the safety of your data. In addition to our own internal processes, HR Acuity retains third-party security experts to perform detailed penetration tests on a regular basis.

Network Security

All customer data stored in HR Acuity is encrypted at rest using Transparent Data Encryption (TDE). In addition, any communications with HR Acuity servers over public networks are secured via industry best-practice HTTPS and Transport Layer Security (TLS).

Authentication Security

Role- and user-based permissions ensure that access to case information is available when needed while still maintaining the confidentiality required for sensitive data. Configurable criteria ensure your company remains in compliance with GDPR regulations.

Data Privacy

We take the privacy of our clients' data very seriously. HR Acuity has been certified with the U.S. Data Privacy Shield. Learn more by viewing our privacy policy.

Data Center Security

Facilities

HR Acuity partners with Microsoft Azure to provide our data hosting infrastructure at its Tier IV SSAE-16 and ISO 27001 compliant facilities. Data center facilities are powered by redundant power sources, each with UPS and backup generators.

On-site Security

The Microsoft data center facilities feature a secured perimeter with multilevel security zones, 24/7 manned security, video surveillance, multifactor identification with biometric access control, physical locks, and security breach alarms.

Data Location

HR Acuity currently leverages Microsoft Azure data centers in the United States.

Application Security

S-SDLC

Control over our software development process is key to producing quality software, and security is a critical subset of that quality. That is why all development is done using the HR Acuity Secure Software Development Lifecycle (S-SDLC), which has been designed and adopted to ensure that the software HR Acuity produces meets compliance requirements and is, to the greatest extent possible, free of software security defects that may expose sensitive data.

Security Training

Our system engineers participate in secure code training covering OWASP Top 10 security flaws, common attack vectors, and HR Acuity security controls.

QA

QA engineers review and test our code base. Test cases to identify security vulnerabilities in code must pass before the HR Acuity application hits production servers.

Separate Environments

Testing and UAT environments are separated physically and logically from the production environment. No actual client data is used in the development or test environments.

Change Management

HR Acuity's S-SDLC uses an Agile/Scrum process for managing system development activity and has implemented change management and version control software to ensure that all system development changes are sourced from authorized requesters, validated, and prioritized based on business, technical, and security impact. In addition, all changes deployed are tracked for revision control.

Network Security

Protection

Our network is protected by redundant firewalls, best-in-class router technology, secure HTTPS transport over public networks, regular audits, and network intrusion detection and/or prevention technologies (IDS/IPS) that monitor and/or block malicious traffic and network attacks.

Architecture

Our network security architecture consists of multiple security zones. DMZs are used at the internet boundary and internally between the different zones of trust.

Vulnerability and Penetration Tests

At appropriate stages in the life cycle, vulnerability scans are performed for identification of noncompliance or potential vulnerabilities. At higher-level milestones (the lesser of annually or with any major release), penetration tests are performed at the application level with a qualified third-party information security expert using both automated and manual testing techniques.

Logical Access

Access to the HR Acuity database is restricted on an explicit need-to-know basis, follows the principle of least privilege, and is frequently audited and monitored. In addition, employees with such access privileges are required to use multiple factors of authentication.

Security Incident Response

Our globally distributed security team is on call 24/7 to respond to security alerts and events. Employees are trained on the security incident response processes to follow in case of a system alert, including communication channels and escalation paths.

Encryption in Transit

Communications between users and HR Acuity over public networks are encrypted via industry best-practice HTTPS and Transport Layer Security (TLS).

Encryption at Rest

All client data stored in HR Acuity is encrypted at rest using Transparent Data Encryption (TDE)/AD.

Redundancy

HR Acuity has put in place network redundancies to eliminate single points of failure. Client data is actively replicated across primary and secondary DR systems and facilities.

Disaster Recovery

Our Disaster Recovery (DR) program ensures that our services remain available or are easily recoverable in the case of a disaster.

Authentication Security

Authentication Options

Users can sign in to the HR Acuity application using authenticated credentials or SSO login. User provisioning and permissioning are managed by our clients.

Single Sign-On (SSO)

Single sign-on (SSO) allows you to authenticate users in HR Acuity without requiring them to enter additional login credentials. We partner with Ping One to enable SSO login for our clients via Security Assertion Markup Language (SAML).

Password Policy

HR Acuity provides clients the option to define their password change frequency and repeat policy. Password length and password strength are defined based upon industry best practices. In addition, all password reset links are time-based and expire after one use or a certain length of time.

Secure Credential Storage

HR Acuity user credentials are stored in the database hashed with the bcrypt algorithm.

Access Privileges and Roles

Authorized HR Acuity users are provided with multi-level permissions based upon user and role credentials. The flexible role-based authorization process is governed by each client to ensure data is secure and only made available to those who require access to it.
