Managing customer data securely is something the Humanly team is truly passionate about. We believe customer trust is something that must be earned every day. To do that we do more than just check boxes but have this promise ingrained into how we build, operate, and manage our systems, as well as processes that put the safety of customer data first.
With the EU General Data Protection Regulation (GDPR) becoming effective on May 25 2018, we have worked to update our policies and practices to align with the new GDPR requirements and principles and ensure a level of security appropriate to the risks as required by GDPR Article 32.
We've been security minded since day one, putting security first in every step of the development lifecycle. Our entire Humanly product team has been through security training and holds one anothers' work accountable through regular code reviews, penetration tests, and vulnerability scans.
Humanly is a native cloud application and uses Azure infrastructure. Azure has been accredited under several programs including below:
ISO 27001 Certification
PCI DSS 2.1 Service Provider Level 1 Certification
Humanly keeps data logically separated and tags data by organization throughout the lifecycle. No data is transmitted to Humanly without encryption.
Humanly is hosted on Azure who provdes robust physical data center security and environmental controls. Humanly's corporate office requires badge access for entry, maintains video surveillance, and requires all visitors to sign in and be accompanied when present.
See more about Azure Physical Security here.
Humanly controls access to our production networks through the use of strictly defined rules such as firewalls and requires multifactor authentication where appropriate and encrypted connections. We also utilize logging and email filtering to identify potential security threats.
Our infrastructure is hosted in Azure. See Azure Network Architecture details.
Humanly employs both internal and external testing of our product. We regularly scan source code and systems for vulnerabilities and preform necessary patching and updates based on those results.
Humanly requires all employees and contractors to sign a confidentiality agreement prior to commencement. During the on-boarding process, security awareness training is delivered to all new hires and we continually publicize security alerts through our internal communication channels.
Humanly consistently backups data for the unlikely event of environment failure. All backups are encrypted and stored on Azure.
Humanly encrypts data in transit and at rest on our servers utilizing recognized encryption protocols SSL/TLS for in transit communication channels.
