FAQ: What is Employment Hero's HR Platform Security

Question

What platform security does Employment Hero HR use?

Availability

Available On:

✓ Free

✓ Standard

✓ Premium

Requires:

HeroPay

Answer

Employment Hero has implemented a wide variety of platform security measures for our HR platform.

Physical Security

Employment Hero's hardware infrastructure lives on Amazon's secure data centres, which utilise Amazon Web Services (AWS) technology.

Amazon continually manages risk and undergoes recurring assessments to ensure compliance with industry standards. Amazon's data centre operations have the following accreditations:

  • ISO 27001:2013.
  • SOC 1 and SOC 2/SSAE 16/ISAE 3402 (Previously SAS 70 Type II).
  • PCI Level 1.
  • Federal Information Security Management Act - Moderate.
  • Sarbanes-Oxley (SOX).

System Security

Employment Hero has implemented the following security measures on their platform: 

  • Firewalls to restrict unauthorised access.
  • Distributed denial-of-service attack mitigation techniques.
  • Continuous application of security patches.
  • Limited access to servers.
  • Logging and tracking system access for auditing purposes.

Business Continuity

In the event of a system outage, Employment Hero has designed its infrastructure to restore its applications and databases automatically through monitoring for failures and dynamically deploying new instances for auto-recovery.

Our infrastructure has an average Monthly Uptime Percentage of 99% (excluding scheduled maintenance). In the event of a catastrophic failure, Employment Hero can manually restore services using an offsite copy of the database. This process takes anywhere between two to four hours.

Disaster Recovery and Backup

Employment Hero runs backups daily and can restore the database from a specific point in time at five-minute intervals. Should storage volumes suffer an unintentional loss of data or become inaccessible for an extended period, Employment Hero can recover the data from a backup and replay the transaction logs.

Software Security

Employment Hero constantly monitors its software for security alerts.

Communications

All data exchanged between Employment Hero and their servers uses the latest encryption (TLS) to ensure the highest level of security, privacy and data integrity.

File System and Backups

Employment Hero stores data on protected data servers in Australia that require SSL encryption when connecting to them.

Employment Hero runs backups daily and pre-upgrade backups. This information is copied and stored on two different server locations within Australia.

Data Access

Employment Hero will only access private data to provide product support.

Employment Hero has agreements with their infrastructure providers, which grant them access to client data if they are assisting with resolving an issue.

Any sensitive fields such as banking, tax file numbers, and superannuation details are not available in clear-text format.

Credit Card Safety

Employment Hero does not store your credit card number when subscribing to a paid plan. All payment information is sent through a secure channel to our payment gateway. Our payment gateway specialises in storing and protecting your credit card details and not only are they PCI DSS compliant, but they are also on the Payment Card Industry Security Standards Council.

System and Application Updates

Update Description Downtime
Routine   None
Service   None
Maintenance Rare occurrence Planned
Urgent Update Depending on the severity of the update, we could take the application offline during business hours with minimal notice. Such situations are rare, and we would take this measure only if there is a risk to customer data or issues with business critical functionality. Unplanned
Have more questions? Submit a request

Comments