Encryption and security of data in HRMTS

Owned by Thomas Hellstrøm (Unlicensed)
Last updated: 2019-01-11
1 min read

To make sure nobody gets unauthorized access to data in HRMTS applications we make sure we are handling them in a secure way.

Data in transit

  • Data is always transported over HTTPS between HRMTS services and the users browsers or apps.
  • The system support authentication and authorization with user access roles.
  • SAML/OpenIdConnect support through our HRID for all customers that wants this for authentication.
  • SHA256 encryption is used for machine to machine communication

Data at rest

  • Database servers are not connected to internet and can only be accessed by the application within a closed network at Telecomputing
  • Database are not encrypted by default. We have the option of adding encryption to database with customers with a special agreement when it comes to :
    • owner of encryption key
    • additional price
    • reduced recovery times if database needs to be restored or moved
  • Server disks are not encrypted as they are physically protected by Telecomputing following ISO27001 standards
  • Database backups are password protected
  • Keys and certificates are handled by our data center provider, Telecomputing following ISO27001 standards
  • Hard disks and server management and termination are handled by our data center provider, Telecomputing following ISO27001 standards