Built on a Foundation of Trust

At, trust is woven into the fabric of everything we do. To keep your data safe and private, we employ industry-leading safeguards and continuously monitor our system so you can rest easy knowing your most sensitive data is protected 24/7 in the cloud.

Organisational Security
Security begins on day one here. All employees receive security, privacy, and compliance training the moment they start. Though the extent of involvement may vary by role, security is everybody's responsibility at
This commitment to security extends to our executives. The Security Council, a cross-functional group of executives spanning the enterprise, shapes our security programs, drives executive alignment across our organization, and ensures that security awareness and initiatives permeate throughout our organisation.
Architectural Security
Processing Relationship
Our customers serve as the data controller while is the data processor. This means that you have full control of the data entered into services, as well as all setup and configurations. Because you control your data—and we only process it—you won't have to rely on us to perform day-to-day tasks such as:
  • Assigning security authorization and manipulating roles
  • Creating new reports and worklets
  • Configuring business process flows, alerts, rules, and more
  • Creating new integrations with utilities or incumbent tooling
  • Changing or creating new organisational structures
  • Monitoring all business transactions
  • Looking at all historical data and configuration changes
Data Encryption
encrypts every attribute of customer data before it's persisted in a database. This is a fundamental design characteristic of the technology. Because is an in-memory, object-oriented application instead of a disk-based RDBMS, we can achieve the highest level of encryption. We use the Advanced Encryption Standard (AES) algorithm with a key size of 256 bits and a unique encryption key for each customer.
Transport Layer Security (TLS) protects user access via the internet, helping to secure network traffic from passive eavesdropping, active tampering, or message forgery. File-based integrations can be encrypted via PGP or a public/private key pair generated by, using a customer-generated certificate. WS-Security is also supported for web services integrations to the API.
Logical Security
security access is role-based, supporting LDAP Delegated Authentication, SAML for single sign-on, and X.509 certificate authentication for both user and web services integrations.
Single Sign-On Support
SAML allows for a seamless, single-sign-on experience between the customer's internal web portal and Customers log in to their company's internal web portal using their enterprise username and password and are then presented with a link to, which automatically gives customers access without having to log in again. also supports OpenID Connect.
Native Login
For customers who wish to use our native login, only stores our password in the form of a secure hash as opposed to the password itself. Unsuccessful login attempts are logged as well as successful login/logout activity for audit purposes. Inactive user sessions are automatically timed out after a specified time, which is customer-configurable by user. Customer-configurable password rules include length, complexity, expiration, and forgotten password challenge questions.
Multifactor Authentication
We recommend that customers use multifactor authentication (MFA). allows customers to bring in their own MFA provider that is backed by the TOTP (time-based one-time passcode) algorithm. With this setup, customers can easily integrate MFA providers with the native login. also allows end users of customers to receive a one-time passcode delivered via an email-to-SMS gateway mechanism. Lastly, supports challenge questions as an additional mechanism to prove a user's identity.
Step-Up Authentication
If someone leaves their console open or multiple users access from the same device, organisations that use SAML as an authentication type can secure against unauthorized access by identifying critical items within This allows customers to force a secondary authentication factor that users must enter to access those items.
Operational Security
Physical Security
applications are hosted in state-of-the-art data centers designed to protect mission-critical computer systems with fully redundant subsystems and compartmentalized security zones. Our data centers adhere to the strictest physical security measures including, but not limited to, the following:
  • Multiple layers of authentication for server area access
  • Two-factor biometric authentication for critical areas
  • Camera surveillance systems at key internal and external entry points
  • 24/7 monitoring by security personnel
All physical access to the data centers is highly restricted and stringently regulated.
Network Security
has established detailed operating policies, procedures, and processes designed to help manage the overall quality and integrity of the environment. We've also implemented proactive security procedures, such as perimeter defense and network intrusion prevention systems (IPSs).
Network IPSs monitor critical network segments for atypical network patterns in the customer environment as well as traffic between tiers and service. We also maintain a global Security Operations Center 24/7/365.
Application Security
has implemented an enterprise Secure Software Development Life Cycle (SDLC) to help ensure the continued security of applications.
This program includes an in-depth security risk assessment and review of features. In addition, both static and dynamic source code analyses are performed to help integrate enterprise security into the development lifecycle. The development process is further enhanced by application security training for developers and penetration testing of the application.
Vulnerability Assessments
contracts with third-party expert firms to conduct independent internal and external network, system, and application vulnerability assessments.
We contract with a leading third-party security firm to perform an application-level security vulnerability assessment of our web and mobile application prior to each major release. The firm performs testing procedures to identify standard and advanced web application security vulnerabilities, including, but not limited to, the following:
  • Security weaknesses associated with Flash, Flex, AJAX, and ActionScript
  • Cross-site request forgery (CSRF)
  • Improper input handling (such as cross-site scripting, SQL injection, XML injection, and cross-site flashing)
  • XML and SOAP attacks
  • Weak-session management
  • Data validation flaws and data model constraint inconsistencies
  • Insufficient authentication or authorization
  • HTTP response splitting
  • Misuse of SSL/TLS
  • Use of unsafe HTTP methods
  • Misuse of cryptography
External vulnerability assessments scan all internet-facing assets, including firewalls, routers, and web servers for potential weaknesses that could allow unauthorized access to the network. In addition, an authenticated internal vulnerability network and system assessment is performed to identify potential weaknesses and inconsistencies with general system security policies.