Humanforce Thrive Security Centre

Platform and network security

• We are ISO 27001 certified — an international security standard for managing Financial Information, Intellectual Property and Employee Details

• Third-party application and network penetration tests, performed by against our entire product suite with GIAC, OSCP, CEH, and CISSP certified testers.

• We use Automated Threat Detection (AWS Guard Duty), Web Application Firewalls (AWS WaF) and DDoS protection in place (AWS Shield).

• All our instances are ephemeral and rotated constantly, restarting with the latest patches and security updates.

Storage of data

• Data is stored, encrypted at rest using a minimum of a 256 bit key via AWS KMS

• Customer data is stored within the AWS Sydney (ap-southeast-2) data centre

• Dual data backup stored in different locations for added security

• Backup retention is performed every 30 days.

Corporate IT

• We use an MDM and fleet management solution (Microsoft InTune) to manage all our devices.

• We use for endpoint security, next generation antivirus and malware protection.

• We leverage multiple DLP strategies using CrowdStrike, Google Vault and more.

• All access to customer data is limited to a need-to-know basis, only via encrypted links, VPNs. Access is fully auditable.

• We use to handle patching of our operating systems and 3rd party software.

Data transfer

• All transfer of data is performed over either HTTPS (TLS >= 1.2) or Secure FTP with no less than a 2048 bit using public key authentication.

Security best practices

• All personal data acquired by Humanforce Thrive from employers is salted and hashed with SHA256 algorithm.

• Multi-factor authentication is active, and Single Sign-on (SSO) is used to cascade access across multiple services where possible.