Trust is a core value of Employment Hero, so we take protecting your data really seriously. We use the same level of encryption standards and industry-leading technology that banks utilise to manage the security and integrity of your data within the HR platform. Employment Hero is also ISO/IEC 27001:2013 certified.
Our wonderful Security team have created a portal that lets customers and prospective customers access our security info directly. On this portal you can ask for access to private documents and submit security questionnaires.
In case of a platform outage, Employment Hero has designed its infrastructure to restore its applications and databases automatically by checking for failures and dynamically deploying new instances for auto-recovery.
Our infrastructure has an average Monthly Uptime Percentage of 99% (excluding scheduled maintenance). In case of a catastrophic failure, Employment Hero can manually restore services using an offsite copy of the database. This process takes between two and four hours.
All data exchanged between Employment Hero and its servers uses the latest encryption (TLS) to provide the highest level of security, privacy, and data integrity.
Employment Hero does not store your credit card number when subscribing to a paid plan. We send all payment information through a secure channel to our payment gateway. Our payment gateway specialises in storing and protecting your credit card details and not only are they PCI DSS compliant, but they are also on the Payment Card Industry Security Standards Council.
Employment Hero will only access private data to provide product support, and has agreements with its infrastructure providers that grant them access to client data if they are helping to resolve an issue. Employment Hero encrypts all data as per the applicable ATO standards.
Employment Hero runs backups daily and can restore the database from a specific point in time at five-minute intervals. Should storage volumes suffer an unintentional loss of data or become inaccessible for an extended period, Employment Hero can recover the data from a backup and replay the transaction logs.
Employment Hero stores data on protected data servers in Australia that require SSL encryption when connecting to them. Employment Hero runs daily backups and pre-upgrade backups, with copies of this information stored in a secure cloud environment hosted within Australia.
Employment Hero's hardware infrastructure lives in Amazon's secure data centres, which utilise Amazon Web Services (AWS) technology.
Amazon continually manages risk and undergoes recurring assessments to ensure compliance with industry standards. Amazon's data centre operations have the following accreditations:
- ISO 27001:2013.
- SOC 1 and SOC 2/SSAE 16/ISAE 3402 (previously SAS 70 Type II).
- PCI Level 1.
- Federal Information Security Management Act - Moderate.
- Sarbanes-Oxley (SOX).
Employment Hero offers Single Sign-On (SSO) via Microsoft Azure (Password-Based SSO) and Okta SWA. This form of SSO still allows a user to access their HR platform account post termination. Your organisation's IT department can implement this process, as you configure it via your in-house identity management systems.
Employment Hero does not currently provide Federated SSO/SAML. To read further information on what access a terminated employee has, refer to the following article.
Employment Hero's SSO with Azure is password management only, which is similar to Google Chrome's password autofill or iCloud's keychain on Safari. It means that an Azure Admin will not be able to create passwords or assign the login to employees.
Employment Hero constantly checks its software for security alerts.
| Urgent Update | Depending on the severity of the update, we could take the application offline during business hours with minimal notice. Such situations are rare, and we would take this measure only if there is a risk to customer data or issues with business-critical functionality. | Unplanned |
Employment Hero has implemented the following security measures on its platform:
- Firewalls to restrict unauthorised access.
- Distributed denial-of-service attack mitigation techniques.
- Continuous application of security patches.
- Limited access to servers.
- Logging and tracking platform access for auditing purposes.