Security at Worknice

At Worknice we are committed to offering world-class data protection standards to ensure your data is safe and your compliance requirements are met.

The goal of Worknice is to provide a core building block of your HR tech stack: a place where you can store all your employee records and documents, follow company growth and accelerate your day-to-day people operations. This mission can’t be fulfilled without us implementing strict technical measures and following the highest security standards to build up trust with our customers.

Here you’ll find more information on how we approach security, and if you have additional questions feel free to get in touch here.

Data centre security

Our cloud hosting providers, including Amazon Web Services (AWS), maintain multiple certifications for their data centres, including ISO/IEC 27001:2013, 27017:2015, and 27018:2014 compliance, and SOC. For more information about their certification and compliance, please visit the AWS security site. These certifications attest to their adherence to strict security protocols, ensuring that your data is housed in facilities that meet the highest industry standards.

Australian hosted infrastructure

By hosting our infrastructure on servers located in Sydney, Australia, we not only enhance performance for our local clients but also ensure compliance with regulatory requirements specific to the region. AWS, our data centre provider, maintains certifications like SOC 1, SOC 2, SOC 3, and ISO 27001, further validating the security of our infrastructure.

Communication

All user data is transported securely, as all traffic is encrypted in transit via SSL. Encrypting data in transit protects it from unauthorised snooping, modification, and man-in-the-middle attacks. Our application forces all requests over HTTPS, ensuring all traffic is secured in transit and protecting against protocol downgrade attacks.

Credit cards

Worknice does not store any credit card information. We have partnered with Stripe for credit card processing, which allows us to leverage AES256 encryption at rest, with PCI Service Provider Level 1 standards in the storage and handling of credit card information. This is the most stringent level of certification available to the payments industry.

Employee access is limited and audited

Only the people who need access to improve or operate the system have access. We make sure there are several layers of controls that individuals must go through to access customer data. And when they do their routine maintenance, debugging, or servicing of the system, they’re led through an auditing access path that requires them to state the valid consent or justification for the specific access session.

Penetration testing

To proactively identify and address potential vulnerabilities in our systems and platform, we plan to engage third-party security partners to conduct regular penetration testing. This comprehensive testing will help us identify and mitigate security risks before they can be exploited by malicious actors, enhancing the overall resilience of our infrastructure.

Data breach disclosure

In the unfortunate event of a data breach involving personal data, we adhere to strict protocols for incident response and disclosure. This includes promptly reporting the breach to the relevant authorities and affected individuals, ensuring transparency and accountability in our data handling practices.

Processing of Company Personal Data

We are committed to complying with all applicable Data Protection Laws governing the processing of Company Personal Data. This means that we handle your data in accordance with your documented instructions, ensuring that it is used only for authorised purposes and in compliance with relevant regulations.

Third-Party Sub-Processors

Our selection of sub-processors is based on their reputation as leaders in their respective fields and their demonstrated commitment to security. We maintain a list of these trusted partners in our Privacy Policy, providing transparency regarding the entities involved in processing your data.

Data backups

Regular automated backups of our databases are conducted daily to ensure the integrity and availability of your data. These backups serve as a failsafe mechanism, allowing us to restore data in the event of unexpected data loss or corruption, minimising disruption to your operations.

Log collection

Detailed logs are generated and collected across our platform, providing a high-resolution trail of actions performed by users. This log data is invaluable for incident investigation and forensic analysis, enabling us to quickly identify and respond to security incidents or suspicious activities.

Software updates

We employ automated systems to monitor for software vulnerabilities and promptly apply updates to our infrastructure and codebase. By staying abreast of the latest security patches and updates, we mitigate the risk of exploitation of known vulnerabilities, bolstering the overall security posture of our platform.

Automated tests

Following each code change, we conduct an extensive suite of automated tests to verify the correctness and security of Worknice features. This includes testing authentication mechanisms, permission systems, and other critical components to ensure they function as intended and remain resilient to potential security threats.

Reporting security issues

We actively encourage our users to report any security vulnerabilities or incidents they encounter while using the Worknice platform. Our dedicated ticketing system provides a streamlined process for reporting and tracking security issues, allowing our team to promptly investigate and address any concerns raised by our users. Please email any security concerns to help@worknice.com.

At Worknice, safeguarding your data is not just a priority – it’s our responsibility. We’re committed to maintaining the highest standards of security and compliance to ensure that your data remains safe and protected at all times. If you have any further questions or concerns about our security practices, please don’t hesitate to reach out – we’re here to help.
