Last Updated: January 1, 2023
At AanyaHR, we prioritize the security and protection of our customers' data and information. As a provider of cloud-based HR and Payroll software solutions, we understand the criticality of maintaining a robust and reliable security infrastructure. This Security Policy outlines our commitment to maintaining the highest standards of information security in our cloud-based software services.
AanyaHR has adopted the requirements and guidelines outlined in the ISO/IEC 27001:2022 standard and has implemented them in our information security management system (ISMS) to ensure:
Consistent Service Excellence: We demonstrate our proven ability to consistently provide services and maintain information security practices that not only meet but also exceed client service levels. We prioritize delivering exceptional service while ensuring the utmost protection of client data.
Safeguarding Confidential Information: AanyaHR has implemented stringent controls to safeguard sensitive and confidential client information assets. We recognize the importance of maintaining the confidentiality, integrity, and availability of such data, and have established robust measures to protect it from unauthorized access or disclosure.
Effective Management System: We have established, documented, and maintain an effective management system that promotes continuous improvement in our information security practices. This system serves as a foundation for our proactive approach to identifying and addressing security risks, ensuring that our security measures remain up-to-date and aligned with evolving threats and industry standards.
We have also implemented a comprehensive set of administrative, physical, and technical measures to ensure the security and protection of our systems and data. These measures cover various aspects of our operations and infrastructure to mitigate risks and safeguard against unauthorized access, disclosure, alteration, or loss of information.
Business Continuity and Resilience
Business Continuity Plan
A thorough business continuity plan is in place, specifically designed to guarantee uninterrupted service delivery to our valued clients in the event of any business operation disruptions. This comprehensive plan outlines the necessary steps and measures to be taken to ensure the continuous provision of our services, allowing us to swiftly overcome any potential obstacles and maintain our commitment to client satisfaction.
Cloud Infrastructure Provider
AanyaHR is partnered with IBM Cloud to ensure the establishment and continuous fulfillment of security and privacy requirements.
IBM Cloud guarantees 99.999% disk availability and 99.999% uptime, which allows us to minimize downtime.
IBM Cloud adheres to various industry standards and compliance frameworks, such as ISO 27001, GDPR, HIPAA, and PCI DSS. These certifications demonstrate IBM's commitment to maintaining high levels of security and compliance.
AanyaHR’s primary Data Center in IBM Cloud is in Singapore while its backup resides in Tokyo, Japan.
Ensuring the secure transmission of data is paramount for maintaining the confidentiality and integrity of information. AanyaHR incorporates robust transmission security features to safeguard data during transit. Here are some key transmission security features implemented in AanyaHR:
AanyaHR employs industry-standard encryption protocols, such as Transport Layer Security (TLS) or Secure Sockets Layer (SSL), to encrypt data during transmission. This encryption mechanism helps protect sensitive information from unauthorized interception or eavesdropping by encrypting the data in transit.
Secure Communication Channels
AanyaHR utilizes secure communication channels to establish a secure connection between users and the system. This involves using secure protocols and cipher suites to ensure the integrity and confidentiality of data exchanged between the client and server.
Secure File Transfer
When transferring files within AanyaHR, additional security measures are implemented. File transfer protocols, such as Secure File Transfer Protocol (SFTP) or encrypted file transfer, are used to protect the confidentiality of the files being transmitted.
Data Integrity Checks
AanyaHR employs mechanisms to verify the integrity of transmitted data. Message integrity checks, such as checksums or hash functions, are utilized to detect any unauthorized modification of, or tampering with, data during transit.
Firewall and Intrusion Detection/Prevention Systems
AanyaHR employs robust network security measures, including firewalls and intrusion detection/prevention systems, to monitor and control network traffic. These security measures help identify and prevent unauthorized access attempts or malicious activities that could compromise the security of data transmission.
Access control is a crucial aspect of ensuring the security of a system. AanyaHR incorporates robust access control security features to protect sensitive data and maintain the integrity of user accounts. Some of the key access control security features in AanyaHR include:
Role-based access control (RBAC)
AanyaHR incorporates role-based access control (RBAC) to enhance security by enabling clients to assign permissions and restrict user privileges based on their job responsibilities. This RBAC feature adds an additional layer of security, allowing for more granular control over user access. AanyaHR also provides the flexibility to create and assign custom RBAC roles, empowering you to define and manage roles among your employees with greater precision and specificity.
AanyaHR implements secure user authentication mechanisms to verify the identity of users accessing the system. This includes the use of strong passwords, multi-factor authentication (MFA), and other authentication methods to prevent unauthorized access.
AanyaHR enables administrators to define granular access privileges for different user roles. This allows organizations to control and restrict access to sensitive data and functionalities, ensuring that users have appropriate permissions based on their roles and responsibilities.
AanyaHR maintains detailed audit trails that track and log user activities within the system. This helps in identifying any suspicious or unauthorized actions, providing accountability, and facilitating forensic analysis in case of security incidents.
To prevent brute-force attacks and unauthorized access attempts, AanyaHR implements account lockout mechanisms. After a certain number of failed login attempts, user accounts are temporarily locked or suspended, preventing further unauthorized access attempts.
AanyaHR manages user sessions effectively to ensure that authenticated sessions remain secure. This includes session timeout mechanisms, secure session handling, and protection against session hijacking or session fixation attacks.
In cases where user access needs to be revoked, AanyaHR provides mechanisms for administrators to promptly remove user access privileges. This ensures that users who no longer require access to the system cannot continue to access sensitive information or perform actions within the system.
Backup and Recovery
AanyaHR implements regular backup and recovery procedures to ensure the availability and resilience of assets. This includes routine backups of data and system configurations, allowing for efficient restoration in the event of data loss or system failures.
AanyaHR implements encryption techniques to protect sensitive assets, such as confidential data and files. All data is encrypted both at rest and in transit, making it unreadable and unusable to unauthorized individuals.
AanyaHR utilizes secure storage solutions to safeguard assets from unauthorized access or theft. This includes secure server infrastructure, encrypted databases, and secure file systems to prevent unauthorized disclosure or alteration of assets. Each client is provided with their own database, ensuring 100% separation of each client's data.
Mutual Non-Disclosure Agreement
To prioritize the confidentiality of our clients, we begin our partnership by signing a mutual non-disclosure agreement.
We may update this Security Policy periodically to reflect changes in our practices or legal requirements. The updated Security Policy will be posted on our website, and the revised date will indicate the date of the most recent changes. We encourage you to review this Security Policy regularly to stay informed.