• We are certified to ISO 27001, an international security standard for managing financial information, intellectual property and employee details.
• Third-party application and network penetration tests are performed by Cobalt.io against our entire product suite, using GIAC, OSCP, CEH, and CISSP certified testers.
• We have automated threat detection (AWS GuardDuty), web application firewalls (AWS WAF) and DDoS protection (AWS Shield) in place.
• All our instances are ephemeral and rotated constantly, restarting with the latest patches and security updates.
• Data is stored encrypted at rest using a minimum 256-bit key via AWS KMS.
• Customer data is stored within the AWS Sydney (ap-southeast-2) data centre.
• Dual data backups are stored in different locations for added security.
• Backup retention is performed every 30 days.
• We use an MDM and fleet management solution (Microsoft Intune) to manage all our devices.
• We use CrowdStrike.com for endpoint security, next generation antivirus and malware protection.
• We leverage multiple DLP strategies using CrowdStrike, Google Vault and more.
• All access to customer data is limited to a need-to-know basis and is available only via encrypted links and VPNs. Access is fully auditable.
• We use Automox.com to handle patching of our operating systems and third-party software.
• All transfer of data is performed over either HTTPS (TLS >= 1.2) or Secure FTP with no less than a 2048-bit key using public key authentication.
• All personal data acquired by Humanforce Thrive from employers is salted and hashed with the SHA-256 algorithm.
• Multi-factor authentication is active, and Single Sign-on (SSO) is used to cascade access across multiple services where possible.