GDPR
With the EU General Data Protection Regulation (GDPR) becoming effective on May 25, 2018, we
have worked to update our policies and practices to align with the new GDPR requirements
and principles and ensure a level of security appropriate to the risks as required by GDPR
Article 32.
Culture of Security
We've been security minded since day one, putting security first in every step of the
development lifecycle. Our entire Humanly product team has been through security training
and holds one another's work accountable through regular code reviews, penetration tests,
and vulnerability scans.
Azure Accreditations
Humanly is a native cloud application and uses Azure infrastructure. Azure has been
accredited under several programs, including those below:
- ISO 27001 Certification
- PCI DSS 2.1 Service Provider Level 1 Certification
- ISO 27001
- SOC 1, SOC 2 and SOC 3
- PCI DSS version 3.2
- Sarbanes-Oxley (SOX)
- Compliant with EU General Data Protection Regulation
Physical Security, Logical Data Separation, and Encryption
Humanly keeps data logically separated and tags data by organization throughout the
lifecycle. No data is transmitted to Humanly without encryption.
Physical Security
Humanly is hosted on Azure, which provides robust physical data center security and
environmental controls. Humanly's corporate office requires badge access for entry, maintains
video surveillance, and requires all visitors to sign in and be accompanied when present.
See more about Azure Physical Security here.
Network Security
Humanly controls access to our production networks through strictly defined rules such as
firewalls, and requires multifactor authentication where appropriate, as well as encrypted
connections. We also utilize logging and email filtering to identify potential security
threats.
Our infrastructure is hosted in Azure.
See Azure Network Architecture details.
Application Security
Humanly employs both internal and external testing of our product. We regularly scan source
code and systems for vulnerabilities and perform necessary patching and updates based on
those results.
Training and Awareness
Humanly requires all employees and contractors to sign a confidentiality agreement prior to
commencement. During the on-boarding process, security awareness training is delivered to
all new hires and we continually publicize security alerts through our internal
communication channels.
Backup and Disaster Recovery
Humanly consistently backs up data for the unlikely event of environment failure. All backups
are encrypted and stored on Azure.
Data Protection
Humanly encrypts data in transit and at rest on our servers using recognized encryption
protocols, with SSL/TLS for in-transit communication channels.