Data Privacy Day
The 28th January is internationally recognised as Data Privacy Day; focusing on creating awareness on the importance of keeping and respecting the privacy of individuals and for businesses to be clear and transparent about how they handle such information.
At Shireburn we recognise this by continuously improving our cyber security, making sure that we safeguard the data that clients entrust us with. The CIA Triad model helps us to achieve this.
CIA stands for ‘Confidentiality’, ‘Integrity’ and ‘Availability’. This model is what we base our Indigo Payroll, Indigo Attendance, and Indigo HR solutions on. Besides ensuring that our own internal practices follow this model, we have also implemented several features to allow our users to minimise data privacy risks in their own workplace. Below are some of the features and practices Shireburn has built to ensure that your data is safeguarded.
Confidentiality – Data should be accessed only by those authorised to do so
Users are assigned a user Role which is tied to a specific set of user permission sets.
- We have all functions and screens in Indigo which are associated with either a role, a permission or both.
- Permission sets are organised and allocated to a user. This means that as an administrator, you will have the possibility to customise access at a granular level.
- Whitelisting and blacklisting of IP’s allows you to tighten down access if needed.
- Our multi-factor authentication offers yet another medium to secure the login process.
Integrity – Data should be protected against unauthorised alterations, maintaining consistency and trustworthiness
- All data which is sent to Indigo is encrypted in transit.
- Each successful or unsuccessful login within the system is audited.
- Every URL visited in the system is audited.
- Every record in the system maintains the “created on,” “created by,” “modified on,” and “modified by” fields.
- Sensitive information such as Employees & Payroll Calculations, are audited when modified or deleted.
Availability – Data should be available and accessible when needed by those authorised to do so
- Data is replicated on Microsoft Azure services in two different EU countries. This provides a greater assurance on the availability of our service.
- We carry out Business Continuity Plans and Disaster Recovery (BCP/DR) processes at least once a year. In the extreme case of an emergency, our highly skilled security and development teams are prepared to execute established processes to bring up any effected services in set periods.
- We conduct weekly internal penetration tests as well as tests carried out by third parties who provide us with an independent assessment of the application and security infrastructure we have. This helps us continue working on our strengths as well as allowing us to identify and act upon any weaknesses or threats.
- With a rolling uptime of 99.991%, the Shireburn team continues to make sure that Indigo is available and continues to improve your workflow.
Keep an eye out for upcoming Indigo features related to a more integrated authentication method within your environment, as well as additional functionalities which will further enhance your compliance with GDPR (General Data Protection Regulation).