Does ZingHR have a documented information security policy?

Yes. The confidentiality, integrity, availability, security and privacy of information are pillars of the administration and operation of ZingHR. The objective of the ZingHR Information Security Policy is to ensure management commitment to information security, business continuity and high availability, and to minimize business damage by preventing information security incidents and managing their impact to an acceptable level.

What type of authentication model is available in ZingHR login?

The application is password protected, with role-based access for authorized users only. Roles and access are granted to authorized users only on a need-to-know basis, with management approval.

Does the ZingHR solution support Single Sign On? If so, is customization required?

Yes. The ZingHR solution supports single sign-on with Windows AD, Azure AD and Gmail. Customization depends on the options clients choose.

Can the security be externalized into an enterprise identity store such as Microsoft Active Directory?

Yes, it can be externalized into an enterprise identity store such as Microsoft Active Directory.

Does the solution support strong passwords?

Yes. Our passwords are SOX compliant. ZingHR has defined a standard password policy that covers password complexity.

Are transactions secured?

The servers are SSL certified with AES 256-bit encryption, which ensures the security of every transaction. ZingHR uses the SHA2 hashing algorithm to encrypt user passwords, and the encrypted data is stored in the database.

What protocols are used to secure the solution?

The TLS 1.2 protocol is used in the ZingHR application model, and ZingHR has defined and built a high-level architecture with best security practices. ZingHR conducts third-party audits and VAPT and follows the best standards.

What application security measures (if any) do you use in your production environment (e.g., application-level firewall, database auditing)?

ZingHR is hosted on the secure Microsoft Azure Cloud platform. ZingHR uses various security precautions offered by Azure Cloud, such as Web Application Firewall, SOC, DLP, IDS/IPS and HIPS.

How is hardening defined for the platforms and protocols/ports?

Access to the ports is restricted. The servers are whitelisted with restricted access. In addition, all servers are hardened as per ZingHR hardening standards.

Can any third party access clients' production data?

Only authorized users from ZingHR get access to data, on a need-to-know basis, to process it with defined restrictions.

How are passwords stored in ZingHR?

Authentication information (passwords) is maintained locally with a strong encryption algorithm and stored securely (SHA-256 or above, with a salted hash).

How is multi-tenancy supported in the ZingHR service?

Database servers are shared; data is partitioned by SQL schema in the underlying database. Folders are provided to users and managed through barriers and privileges.