Employment Hero HR Platform security measures and single sign on (SSO) processes


Trust is a core value of Employment Hero, so we take protecting your data really seriously. We use the same level of encryption standards and industry-leading technology that banks utilise to manage the security and integrity of your data within the HR platform. Employment Hero is also ISO/IEC 27001:2013 certified.

Business continuity

In the event of a system outage, Employment Hero has designed its infrastructure to restore its applications and databases automatically through monitoring for failures and dynamically deploying new instances for auto-recovery.

Our infrastructure has an average Monthly Uptime Percentage of 99% (excluding scheduled maintenance). In the event of a catastrophic failure, Employment Hero can manually restore services using an offsite copy of the database. This process takes anywhere between two and four hours.


All data exchanged between Employment Hero and their servers use the latest encryption (TLS) to ensure the highest level of security, privacy, and data integrity.

Credit card safety

Employment Hero does not store your credit card number when subscribing to a paid plan. We send all payment information through a secure channel to our payment gateway. Our payment gateway specialises in storing and protecting your credit card details and not only are they PCI DSS compliant, but they are also on the Payment Card Industry Security Standards Council.

Data access

Employment Hero will only access private data to provide product support and has agreements with our infrastructure providers, which grant them access to client data if they are assisting with resolving an issue. Employment Hero encrypts all data as per the applicable ATO standards.

Disaster recovery and backup

Employment Hero runs backups daily and can restore the database from a specific point in time at five-minute intervals. Should storage volumes suffer an unintentional loss of data or become inaccessible for an extended period, Employment Hero can recover the data from a backup and replay the transaction logs.

File system and backups

Employment Hero stores data on protected data servers in Australia that require SSL encryption when connecting to them. Employment Hero runs backups daily and pre-upgrade backups, with copies of this information stored on two different server locations within Australia.

Physical security

Employment Hero's hardware infrastructure lives on Amazon's secure data centres, which utilise Amazon Web Services (AWS) technology.

Amazon continually manages risk and undergoes recurring assessments to ensure compliance with industry standards. Amazon's data centre operations have the following accreditations:

  • ISO 27001:2013.
  • SOC 1 and SOC 2/SSAE 16/ISAE 3402 (Previously SAS 70 Type II).
  • PCI Level 1.
  • Federal Information Security Management Act - Moderate.
  • Sarbanes-Oxley (SOX).

Single sign on (SSO)

Employment Hero offers Single Sign On (SSO) via Microsoft Azure Password-Based SSO and Okta SWA, which still allow a user to access their HR platform account post termination. Your organisation's IT department can implement this process, as you configure it via your in-house identity management systems.

Employment Hero does not provide Federated SSO/SAML, because we want the end-user to still access their HR Platform account post termination. To read further information on what access a terminated employee has, refer to the following article.

Software security

Employment Hero constantly monitors its software for security alerts.

System and application updates

| Update | Description | Downtime |
| --- | --- | --- |
| Routine | - | None |
| Service | - | None |
| Maintenance | Rare occurrence | Planned |
| Urgent Update | Depending on the severity of the update, we could take the application offline during business hours with minimal notice. Such situations are rare, and we would take this measure only if there is a risk to customer data or issues with business critical functionality. | Unplanned |

System security

Employment Hero has implemented the following security measures on their platform:

  • Firewalls to restrict unauthorised access.
  • Distributed denial-of-service attack mitigation techniques.
  • Continuous application of security patches.
  • Limited access to servers.
  • Logging and tracking system access for auditing purposes.