MyHR Security & Privacy Summary 

This summary outlines MyHR's security and privacy practices, covering our methods for hosting and protection, data encryption, and data access control.

Updated 5 April 2024.

Introduction

At MyHR, your security and privacy aren’t just a policy; they’re our promise. In an ever-evolving digital world, we continuously refine our approach to protect your data with empathy, transparency, and understanding. Our commitment to safeguarding your information is unwavering, as we employ the latest in technology and best practices to secure your trust.

Our Approach

Hosting & Protection


Our platform is securely hosted on Amazon Web Services (AWS), a leader in cloud computing services. AWS’s commitment to security is demonstrated through its comprehensive compliance with global security standards, including ISO/IEC 27001, PCI DSS, and SOC 1, 2, and 3. These certifications underscore AWS’s dedication to maintaining the highest levels of security and data protection. For more details on AWS’s security practices, please visit AWS Compliance.


To further enhance our security posture, we integrate Cloudflare’s security services, including its advanced DDoS protection. Cloudflare holds certifications such as ISO/IEC 27001, PCI DSS, and SOC 2, illustrating its robust approach to security and privacy. Cloudflare’s global network is designed to optimize performance while protecting against a wide array of threats. For more information on Cloudflare’s security and privacy practices, you can access Cloudflare Certifications and Compliance Resources.


This strategic combination of AWS and Cloudflare fortifies our commitment to providing a secure, reliable, and resilient service. By leveraging the strengths of these industry-leading services, we ensure that our platform remains at the forefront of security and performance, offering our users peace of mind.

Data Encryption & Access Control


To ensure the confidentiality and integrity of your data, all information transmitted and stored within our platform is encrypted. Access to our system requires a secure email/password combination, further protected by HTTPS. Additionally, we support and encourage the use of two-factor authentication (2FA), providing an extra layer of security.


We adhere to the principle of least privilege, a core security principle under which access rights for all users are limited to the bare minimum necessary to perform their functions. This means access is not just restricted, but meticulously managed and monitored, reducing the potential for unauthorised data exposure and enhancing our system’s overall security posture.

Annual Security Reviews


Committed to continuous improvement, we conduct application security reviews and penetration tests annually. These comprehensive evaluations help us to stay ahead of potential vulnerabilities and ensure that our defences are robust and effective.

Disaster Recovery & Data Management


At MyHR, we recognise the critical importance of your data—not only for your business operations but also for maintaining trust in our platform. Our disaster recovery strategies, featuring data backups every 15 minutes and multi-zone redundancy, are designed to ensure minimal downtime and enable rapid recovery. With your peace of mind as our priority, these measures are in place to guarantee that, even in the unlikely event of a system failure, your data remains secure, intact, and immediately recoverable. Additionally, our data management practices adhere to industry best practices, offering further security and ensuring compliance with legal standards.

User-Centric Security

Empowering Our Users


We’re dedicated to empowering our users by supplying the essential tools and insights needed for effective security settings management. With mandatory two-factor authentication (2FA) options, our platform guarantees you maintain control.

Privacy by Design


Privacy is not just a compliance requirement at MyHR; it’s a foundational principle that informs every aspect of our platform’s development and operation. Our systems are engineered to minimise data exposure, ensuring that only essential information is processed and stored. We adhere to a strict “Privacy by Design” approach, integrating comprehensive data protection from the initial design phase through to the final product.


In keeping with our commitment to global privacy standards, we align our practices with the latest laws and guidelines from the jurisdictions we operate in:


New Zealand: We comply with the Privacy Act 2020, incorporating principles that safeguard personal information, ensuring transparency, security, and accountability across all our operations.


Australia: Our practices are in line with the Australian Privacy Principles (APPs) under the Privacy Act 1988, ensuring that we handle personal information responsibly, with a strong emphasis on protecting the privacy of our Australian users.


Canada: In Canada, we adhere to the Personal Information Protection and Electronic Documents Act (PIPEDA) and applicable provincial privacy laws, which set the standards for the collection, use, and disclosure of personal information in the course of commercial activities.


Our commitment to these laws reflects our deep respect for user privacy and our dedication to maintaining the trust of our customers across these jurisdictions. We continuously review and update our privacy practices to ensure alignment with these legal frameworks and the evolving digital landscape.


For more detailed information on how we manage and protect your data, please visit our comprehensive privacy policy at MyHR Privacy Policy.

Our Team & Culture

Commitment to Excellence


The MyHR team embodies our security and privacy ethos. All employees and contractors sign stringent agreements emphasising the importance of data protection. Our internal systems require 2FA, and we foster a culture of vigilance and responsibility through regular training and awareness programmes.

Continuous Improvement

In partnership with Onwardly, we are dedicated to the ongoing enhancement of our security and privacy measures. Our Security and Privacy committee plays a pivotal role in this process, ensuring that we meet and adhere to industry best practices.

Transparent Communication

We believe in transparent communication regarding our security and privacy practices. For more detailed information on how we handle your data, please visit our external privacy policy at MyHR Privacy Policy.