At Employee Navigator, we achieve the highest level of security by performing full security audits of our product and infrastructure regularly. Our security practices have been evaluated as part of our SOC 2 Type I attestation.
Encryption Security Overview
Your transmitted data is kept safe using the highest encryption standards available,
including 256-bit SSL encryption. This is the same technology that banks use to keep
your account information safe. All the account information you provide, including passwords
and personal information details, is protected using this technology.
Employee Navigator employs state of the art backup and firewall technology to
ensure that your information is always available, no matter what happens. Our system stores
backups in multiple secure locations and is updated throughout the day, every day.
Our servers are hosted at Tier III, SSAE-16 and ISO 27001:2005 compliant
facilities which are Safe Harbor Certified. Our facilities feature 24-hour
manned security, biometric access control, video surveillance, and physical
locks. The co-location facilities are powered by redundant power, each with
UPS and backup generators. All systems, networked devices, and circuits are
monitored by both Employee Navigator and the co-location providers.
Secure at Every Step
We built the Employee Navigator product entirely on our own, so
we are able to monitor and keep safe every aspect of our software. All access
to data within Employee Navigator is governed by access rights, authenticated by
username and password and your Employee Navigator instance administrator can
define granular access privileges. Employee Navigator also follows secure
credential storage best practices by storing passwords using the bcrypt (salted)
hash function. Our security architecture ensures segregation of customer data
and stricter access restrictions for Employee Navigator’s HR mobile app.
Behind the Scenes
Employee Navigator’s multi-pronged approach to security ensures you are
protected at all times. We adhere to industry standards for protecting your data,
securing our web application, and processing all transactions. We've created
policies across our entire organization to ensure that Employee Navigator offers
the highest level of security.
Employee Navigator has completed the SOC 2 Type 1 Audit. A SOC 2
report is intended to evaluate an organization's information systems relevant to
security, availability, integrity, confidentiality, & privacy. Employee
Navigator’s SOC 2 report is available upon request.
There are no official government or industry certifications for HIPAA compliance.
In order to support HIPAA compliance, Employee Navigator has reviewed the HIPAA
regulation and updated its product, policies and procedures to support customers
around their need to be HIPAA compliant. The Employee Navigator product/platform
meets the obligations required by HIPAA; however, customers are also responsible
for enforcing policies within their organizations to meet HIPAA compliance.
Some of Employee Navigator’s controls that are relevant to HIPAA include:
Controls to provide reasonable assurance for defining and granting access
to users permitted by the user's entity.
Controls to provide reasonable assurance that the user entity’s method for
accessing Employee Navigator application is configured with proper logical
Controls to provide reasonable assurance that user accounts and access
permissions are correctly specified on an ongoing basis, including revoking accounts.