Employment Hero Security

Physical security

Employment Hero's hardware infrastructure resides in Amazon's secure data centres, which use Amazon Web Services (AWS) technology. Amazon continually manages risk and undergoes recurring assessments to ensure compliance with industry standards. Amazon's data centre operations have been accredited under:

  • ISO 27001:2013
  • SOC 1 and SOC 2/SSAE 16/ISAE 3402 (Previously SAS 70 Type II)
  • PCI Level 1
  • Federal Information Security Management Act - Moderate
  • Sarbanes-Oxley (SOX)

System security

  • Firewalls to restrict access to protect the system from unauthorised access
  • Distributed denial-of-service attack mitigation techniques applied to prevent unauthorised down-time
  • Continuously patched OS to ensure the latest security patches are applied
  • Server access is limited and is only available to senior Employment Hero engineers
  • System access is logged and tracked for auditing purposes

Business continuity

The infrastructure we have chosen to build our application on is designed to automatically restore our applications and databases in the event of outages through monitoring for failures and dynamically deploying new instances for auto-recovery.

Our combined infrastructure has an average Monthly Uptime Percentage of at least 99% (excludes scheduled maintenance). In the event that our infrastructure encounters a catastrophic failure, we have the ability to manually restore services using an offsite copy of the database. This process takes anywhere between 2 - 4 hours.

Disaster recovery and backup

We run full backups daily and are able to restore the database from a specific point in time, at 5 minute intervals. Should our storage volumes suffer unintentional loss of data or become inaccessible for an extended period of time, we have the ability to recover by restoring from a backup and replaying the transaction logs.

Software security

We constantly monitor our software and libraries for security alerts. Should they arise, we ensure they are addressed with the highest priority, which could include system down-time during business hours.

Communications

All data (commencing from our sign-in process) exchanged between Employment Hero and our servers is always transmitted using the latest encryption (TLS) to ensure a high level of security, privacy and data integrity.

File system and backups

Employment Hero data is stored on our protected data servers and requires SSL encryption when connecting to them to ensure a high level of security and privacy. We perform nightly backups of your data as well as pre-upgrade backups and have these copies stored on two different server locations.

Data access

Employment Hero staff will only access private data for the purposes of providing the services to you and for support reasons. 

We have agreements in place with our infrastructure providers which only grant them access to your private data if they are assisting us with resolving an issue. To date, no such request has been made.

Furthermore, any sensitive fields such as banking, tax file numbers and superannuation details are not available in clear-text format.

Credit card safety

When you subscribe to our paid plans, we do not store your credit card number as we send all of that through a secure channel to our payment gateway. Our payment gateway specialises in storing and protecting your credit card details and not only are they PCI DSS compliant, but they are also on the Payment Card Industry Security Standards Council.

System and application updates

| Update | Description | Downtime |
|---|---|---|
| Routine | | None |
| Service | | None |
| Maintenance | Rare occurrence | Planned |
| Urgent updates | Depending on the severity of the update the application could be taken offline during business hours with minimal notice. Such situations are rare and we would only take this measure if there is a risk to customer data or issues with business critical functionality | Possible downtime |

 

Contact us

Please do not hesitate to contact us here, should you have any further questions.
