Any system that manages your organization’s private data requires robust security, and your HRIS is no exception. At Sentric, data security is at the core of all that we do. Armed with industry-leading technology and security measures, we’re committed to protecting your data.
Security risks continue to evolve and grow in complexity. To combat these threats, our security and infrastructure teams meet quarterly with key executives to review and update our risk management procedures and Incident Response Plans. We also conduct an annual risk assessment which our executives review to further bolster our ongoing security measures.
Our goal is to maximize your access to our application and your data. Our infrastructure and data are maintained in data centers that are SSAE 18, SOC 2 Type II, ISO/IEC 27001:2013, HIPAA, and PCI compliant. They’re also N+1 redundant for both power and cooling.
These data centers have an historical uptime reliability record of 99.99999% and our current Service Level Agreement with our cloud vendor is 99.5%, both of which allow us to deliver consistent uptime. Our cloud vendor also has multiple levels of hardware and connectivity redundancy to ensure reliability.
If an outage occurs, we have strategies in place to monitor uptime and minimize impact. Our Network Operations Center monitors our infrastructure 24/7/365 and reports outages to key personnel through automated alerts and live communication. We also continually test your site availability from over 200 checkpoints around the world. If an outage occurs, we receive automated communications and take corrective action immediately.
Your data is maintained in an ISO 27001:2013 certified data center. The facility is staffed 24/7/365 and has stringent access protocols and procedures, including multi-stage electronic security systems, proximity card access, and archived CCTV monitoring.
We have access control systems in place at all of our office locations, including keyed areas to ensure that only authorized personnel can access sensitive information.
Employee Training & Awareness
Today’s business climate demands that security awareness and education be at the forefront of our culture. We provide data security and privacy training for all employees as soon as they are hired and on an annual basis thereafter. All employees must sign and adhere to our Data Security Policy, which holds them accountable for keeping your data secure and reporting potential breaches.
Our ongoing training and awareness also includes simulated phishing email campaigns and a space for employees to share knowledge and to notify each other of any suspicious email communication.
Dedicated Cybersecurity Team
Our Managed Detection and Response (MDR) Team monitors our infrastructure, applications, and data 24/7/365. These highly skilled, CISSP-certified professionals focus solely on cybersecurity and preserving the integrity of your data. Equipped with state-of-the-art tools and resources, they can track and analyze all traffic moving within and across our cloud environment, which lets them quickly identify potential threats. If a threat is identified, the MDR Team will alert key personnel and either recommend or execute an appropriate course of action to mitigate the threat.
Backups & Disaster Recovery
Our multi-layered, comprehensive backup plans and procedures are designed to minimize data loss to no more than 30 minutes. We take data and server snapshots every 30 minutes, log backups every 15 minutes, and full backups every day. We encrypt and replicate that data across multiple, geographically-dispersed locations in the event of an environmental, technical, or security incident. In addition, we maintain a disaster recovery plan that supports a business continuity strategy for our applications and systems. We test this plan annually and continuously improve it to account for business changes and new risks.
SSAE 18 SOC 1 Certified
Each year, we’re audited by a top 50 independent accounting firm with over 60 years of experience. They examine and test the suitability and effectiveness of our controls and issue an opinion on their findings. Since 2005, we have consistently received a SOC 1 certification. Our most recent report included no exceptions.
Data Security Safeguards & Encryption
To protect your data, we use the following industry-leading technology, solutions, and processes:
- Intrusion Prevention System (IPS)
- Intrusion Detection System (IDS)
- Network firewalls
- Application firewalls
- Security Information & Event Management (SIEM)
- Threat intelligence feeds
- Virus/malware detection and 24/7/365 monitoring
- Vulnerability scanning
- Penetration testing
- Scheduled patch management
- Multi-Factor Authentication to access our network
Each user accesses our private-cloud SaaS application with a unique user ID via an encrypted TLS session. Our application provides:
- Data encryption both at rest and in transit
- A separate database to isolate your data from other customers
- Multi-Factor Authentication through security questions, email, and SMS
- Built-in alerts for high-risk access and data changes
- The ability to configure:
– IP restrictions to limit where users can access your data
– Additional password complexity requirements
– Password expiration policies
– Maximum failed login attempts
– Role and row-based user access