Your Data In Full Confidence…

HR Acuity maintains the highest standards for data privacy, security, efficiency, accessibility, and transparency — all while mitigating legal and financial risk. 

HR Data Security — Airtight.

We get it. You simply cannot risk compromising your organization’s sensitive data. That’s why we’ve developed an ironclad four-pillar approach fully vetted by security experts. 

Data Security

We use geographically-distributed servers at Microsoft Azure data security centers that comply with the industry’s top standards.

Application Security

We’re committed to the security of our application through our rigorous development processes, which are based on internal and external expertise.

Network Security

Our encrypted network is constantly monitored against key protection protocols and industry best practices.

Authentication Security

Our authentication options ensure users can confidentially access data meant for their eyes only.

A Deep Dive Into Our Security Protocols

We’re about to get a little technical. We’ve outlined the specifics of what makes our four-pillar approach to HR data security superior.

Facilities

HR Acuity partners with Microsoft Azure to provide our data hosting infrastructure at its Tier IV SSAE-16 and ISO 27001 compliant facilities. Data center facilities are powered by redundant power sources, each with UPS and backup generators.

On-site Security

Microsoft data center facilities feature a secured perimeter with multilevel security zones, 24/7 manned security, video surveillance, multifactor identification with biometric access control, physical locks, and security breach alarms.

Data Location

HR Acuity currently leverages Microsoft Azure data centers in the United States.

Protection

Our network is protected by redundant firewalls, best-in-class router technology, secure HTTPS transport over public networks, regular audits, and network intrusion detection and/or prevention technologies (IDS/IPS) that monitor and/or block malicious traffic and network attacks.

Architecture

Our network security architecture consists of multiple security zones. DMZs are used between the internet and the internal network, and internally between the different zones of trust.

Vulnerability and Penetration Tests

At appropriate stages in the life cycle, vulnerability scans are performed to identify noncompliance or potential vulnerabilities. At higher-level milestones, penetration tests are performed at the application level with a qualified third-party information security expert using both automated and manual testing techniques.

Logical Access

Access to our database is restricted on an explicit need-to-know basis, follows the principle of least privilege, and is regularly audited and monitored. In addition, employees with access privileges are required to use multiple factors of authentication.

Security Incident Response

Our globally distributed security team is on call 24/7 to respond to alerts and emergencies. In case of a system alert, employees are trained on security response processes, including who to connect with and when to escalate.

Encryption in Transit

Communications between HR Acuity and our users are encrypted via industry best-practice HTTPS and Transport Layer Security (TLS 1.2) over public networks.

Encryption at Rest

All client data stored with us is encrypted at rest using Transparent Data Encryption (TDE)/AD.

Redundancy

We have put network redundancies in place to eliminate single points of failure. Client data is actively replicated across primary and secondary DR systems and facilities.

Disaster Recovery

Our Disaster Recovery (DR) program ensures that our services remain available or are easily recoverable in the case of a disaster.

S-SDLC

Security and control are paramount to software development, which is why we use the HR Acuity Secure Software Development Lifecycle (S-SDLC). It’s been designed to ensure the software we produce meets compliance requirements and is free of software security glitches (to the greatest extent possible) so confidential data remains that way.

Security Training

Our system engineers regularly participate in secure code training covering OWASP Top 10 security flaws, common attack vectors, and HR Acuity security controls.

QA

QA engineers review and test our code base on a regular basis. Test cases that are created to identify code vulnerabilities must pass inspection before the HR Acuity application even hits production servers.

Separate Environments

All forms of testing and user acceptance testing (UAT) environments are physically and logically separated from the production environment. We also make sure no actual client data is used in the development or test environments.

Change Management

Our S-SDLC uses an Agile/Scrum process for managing system development activity. We have also implemented change management and version control software to ensure that all system development changes are sourced from authorized requesters, validated, and prioritized on business, technical, and security impact. In addition, all changes deployed are scrutinized for revision control.

Authentication Options

Users can sign into our application using authenticated credentials or SSO login. User provisioning and permissioning are managed by our clients.

Single Sign-On

Single sign-on (SSO) allows us to authenticate users in HR Acuity without requiring them to enter additional login credentials. We partner with Ping One to enable SSO login for our clients via Security Assertion Markup Language (SAML).

Password Policy

We provide clients with the option to define their password change frequency as well as their repeat policy. Password length and password strength are defined based upon industry best practices. In addition, all password reset links are time-based and expire after one use or a certain length of time.

Secure Credential Storage

HR Acuity user credentials are stored in the database hashed with the bcrypt algorithm.

Access Privileges and Roles

Authorized HR Acuity users are provided with multi-level permissions based upon user and role credentials. The flexible role-based authorization process is governed by each client to ensure data is secure and only made available to those who require access to it.

A Short Security FAQ

Clear and court-ready documentation is always at your fingertips. Our HR risk management solutions offer approved interview standards so that best practices become the default for your ER Team.
HR security is a function of human resources that not only looks at employee performance and productivity before, during and after their employment, but also ensures that confidential employee and client data remains protected.
HR data can be kept more secure by:
  • Making sure HR and IT work hand-in-hand
  • Encrypting appropriate data
  • Updating relevant HR and ER software regularly
  • Maintaining periodic data security training
The best way is to start with an established and proven employee relations software solution. Besides being indispensable to your ER team, HR Acuity’s software solutions were designed from the ground up with security in mind so you know your data is being handled properly, including:
  • Configurable permissions that give you the power to control who sees what information and who does not.
  • Centralized documentation that allows for more efficient and secure data storage. It allows all team members to be on the same page, while easily accessing the right information at a moment’s notice.
  • 4 levels of data protection that let you know you can be confident your information is safe and secure. We protect you from every angle: from the servers to the software to the network to authentications, you can rest easy knowing that we take data security as seriously as you do.
