Technical product sheet
Data types in the system
Talent Onboarding stores information about the name and contact information such as
- Joining Date
Data gathering based on questionnaires and file uploads is defined by the customers in the onboarding service.
Data Privacy & GDPR
Data collection from new employees is set up as questionnaires and uploaded files, for the purpose of onboarding the employee into the new company. User consent is not collected, since this data follows the natural purpose of what a new employee needs to give to their new employer.
If a user wants to remove their data from the system or view the data they have given, they need to contact the company and request this from the administrator of the system.
Security and operations
The database we use is Azure SQL, where all data is partitioned by the tenant/customer it belongs to. Using Azure SQL also includes some advanced security benefits such as encryption in transit and at rest. Read more about Azure SQL security here: https://docs.microsoft.com/en-us/azure/sql-database/sql-database-security-overview
The Talent Onboarding application is HTTPS only and is protected by an SNI-based TLS certificate.
The Talent Onboarding application is currently running in a single location, but we are planning to set up a redundancy site when needed to scale workload and to handle disruptions in the service. At the moment our redundancy plan is a fully automatic rebuild of the site, which takes approximately 5 minutes.
Database backups are taken so that the database can be restored to any point in time within 10 minutes, and are kept for 7 days, following the standard Azure SQL backup policy.
Geolocation of data and services
Azure North Europe (Ireland) is used as the default Azure datacentre for our services. The secondary datacentre is Azure West Europe (Netherlands) and will be used for redundancy sites. We are looking to move data closer to our primary customer market in the Nordics when Azure opens datacentres in Norway.
Access authentication and authorisation
Authentication: HRID is our identity server and is used to handle authentication for many of our services. HRID is based on IdentityServer, which is an officially certified open source implementation of OpenID Connect. That means all users who need access to Talent Onboarding (TO) first need to have an HRID account. HRID users are created from TO, because TO has an integration with HRID which creates users there on the fly.
Authorization: There are two roles in TO: «User» and «Admin». The first superuser gets the role «Admin» on customer setup, and that user can in turn create more system users with the desired role. The roles and authorization (access management) are handled in Talent Onboarding.
Release cycle & feature toggles
Talent Onboarding is continuously updated following our automatic DevOps release process. New features are handled with feature toggles, following a controlled rollout to internal users, pilot customers and the rest of the customers.
Talent Onboarding has been designed to give a great mobile user experience, but works great on desktop too.
Status and Health reporting
Talent Onboarding is targeted to be available at least 99.5% of the time and uses Azure Application Insights for monitoring and health reporting. Alerts are set up to notify the operations team during slowness or if the service is unresponsive.