Employment Hero's security measures and single sign on (SSO) processes via the HR platform

Trust is a core value of Employment Hero, so we take protecting your data really seriously. We use the same level of encryption standards and industry-leading technology that banks utilise to manage the security and integrity of your data within the HR platform. Employment Hero is also ISO/IEC 27001:2013 certified.

Helpful Hint

Our wonderful Security team have created a portal that lets customers and prospective customers directly access our security information. On this portal you can request access to private documents and submit security questionnaires.

Business continuity

In case of a platform outage, Employment Hero has designed its infrastructure to restore its applications and databases automatically through checking for failures and dynamically deploying new instances for auto-recovery.

Our infrastructure has an average Monthly Uptime Percentage of 99% (excluding scheduled maintenance). In case of a catastrophic failure, Employment Hero can manually restore services using an offsite copy of the database. This process takes between two and four hours.

Communications

All data exchanged between Employment Hero and their servers uses the latest encryption (TLS) to provide the highest level of security, privacy, and data integrity.

Credit card safety

Employment Hero does not store your credit card number when subscribing to a paid plan. We send all payment information through a secure channel to our payment gateway. Our payment gateway specialises in storing and protecting your credit card details and not only are they PCI DSS compliant, but they are also on the Payment Card Industry Security Standards Council.

Data access

Employment Hero will only access private data to provide product support. We have agreements with our infrastructure providers, which grant them access to client data if they are helping to resolve an issue. Employment Hero encrypts all data as per the applicable ATO standards.

Disaster recovery and backup

Employment Hero runs backups daily and can restore the database from a specific point in time at five-minute intervals. Should storage volumes suffer an unintentional loss of data or become inaccessible for an extended period, Employment Hero can recover the data from a backup and replay the transaction logs.

File system and backups

Employment Hero stores data on protected data servers in Australia that require SSL encryption when connecting to them. Employment Hero runs daily backups and pre-upgrade backups, with copies of this information stored in a secure cloud environment hosted within Australia.

Physical security

Employment Hero's hardware infrastructure lives in Amazon's secure data centres, which utilise Amazon Web Services (AWS) technology.

Amazon continually manages risk and undergoes recurring assessments to ensure compliance with industry standards. Amazon's data centre operations have the following accreditations:

  • ISO 27001:2013.
  • SOC 1 and SOC 2/SSAE 16/ISAE 3402 (Previously SAS 70 Type II).
  • PCI Level 1.
  • Federal Information Security Management Act - Moderate.
  • Sarbanes-Oxley (SOX).

Single sign on (SSO)

Employment Hero offers single sign on (SSO) via Microsoft Azure Password-Based SSO and Okta SWA. This form of SSO still allows a user to access their HR platform account post termination. Your organisation's IT department can implement this process, as it is configured via your in-house identity management systems.

Employment Hero does not currently provide Federated SSO/SAML. To read further information on what access a terminated employee has, refer to the following article.

Important

Employment Hero's SSO with Azure is password management only, which is similar to Google Chrome's password autofill or iCloud's keychain on Safari. It means that an Azure Admin will not be able to create passwords or assign the login to employees.

Software security

Employment Hero constantly checks its software for security alerts.

System and application updates

| Update | Description | Downtime |
| --- | --- | --- |
| Routine | - | None |
| Service | - | None |
| Maintenance | Rare occurrence | Planned |
| Urgent Update | Depending on the severity of the update, we could take the application offline during business hours with minimal notice. Such situations are rare, and we would take this measure only if there is a risk to customer data or issues with business-critical functionality. | Unplanned |

System security

Employment Hero has implemented the following security measures on their platform:

  • Firewalls to restrict unauthorised access
  • Distributed denial-of-service attack mitigation techniques
  • Continuous application of security patches
  • Limited access to servers
  • Logging and tracking platform access for auditing purposes
