Security.
Understanding that there is more to security than creating a secure application, we have devoted significant resources to ensuring that we meet all facets of multiple industries and regulatory best-practices for protecting customer data. This overview describes how Onwards HR protects data through the use of industry-standard technologies and security best practices.
SOC 2
Onwards HR successfully completed an independent System and Organization Controls (SOC) 2 Type II audit with a clean report and no exceptions. A SOC 2 Type 2 report is an internal controls report capturing how a company safeguards customer data and how well those controls are operating.
GDPR
Onwards HR is GDPR-compliant and meets the requirements for properly handling personal data and privacy of EU citizens for transactions that occur within EU member states, as defined in the law.
Cloud Infrastructure / Cybersecurity Architecture
Our platform is built on Amazon Web Services (AWS). All of our services run in the cloud (i.e. load balancers, DNS servers, or physical servers). Learn more about AWS Cloud Security.
Our cybersecurity architecture employs native and AWS partner security components, from Cloudwatch to Cloudflare. We secure, monitor and protect our network, blocking unauthorized access with combined AWS security services that monitor and control incoming/outgoing network traffic.
Our data centers are SOC 1, SOC 2, and SOC 3, and ISO 27001, 27017, 27018 and 27701 certified.
Access Controls
We use secure access protocols and processes and follow industry best practices for authentication, including Multi- factor Authentication and Single Sign-on (SSO).
Our network infrastructure is securely configured to block all unnecessary ports, services, and unauthorized network traffic.
Application Monitoring
We monitor exceptions and logs using AWS native tools.
We collect and store audit history/logs of our application’s activity.
We have implemented continuous security management and monitoring.
We perform frequent vulnerability scans.
We complete annual third-party penetration tests to check for exploitable vulnerabilities in our networks, web apps, and user security.
Data Segmentation
We treat your data with the protection it deserves by completely separating it from other customers.
Data Encryption
We have deployed secure methods and protocols for the transmission of confidential or sensitive information over public networks.
We encrypt certain sensitive customer data with strong ciphers and configurations at rest.
We use recommended secure cipher suites and protocols to encrypt all traffic in transit.
Third-Party Audits
We conduct third-party SOC II audits annually.
We rely on third-party security experts to ensure that we are compliant with the General Data Protection Regulation (GDPR).
Privacy
We have clearly defined how we collect, use and disclose customer information and the choices customers have about their information. Learn more about Onwards HR’s Privacy Policy.
Awareness and Background Checks
We conduct background checks on all employees before onboarding, and employees receive comprehensive security awareness and privacy training at hire and on an ongoing basis.
All employees are required to read and acknowledge our information security policies, which include specific provisions for the protection of customer data.
Culture and Code of Conduct
We have developed a code of conduct that addresses acceptable business practices, conflicts of interest, and expected standards of ethical and moral behavior.
We have created employee confidentiality agreements that prohibit the inappropriate use and disclosure of customer or company information.
All employees are required to acknowledge and sign these agreements prior to their start date.
Have additional questions or feedback? Feel free to reach out to us at security@onwardshr.com. We can provide additional information upon request.