Do you have Encryption of data at rest and data in motion?
ZingHR has both processes, which it runs at the same time. We are fully compliant. ZingHR uses AES 256, SHA 256 and FPE protocols for encryption. These are globally validated.
Can a customer demand security logs? For what period, and how often?
Security logs for LOGIN details are available ON DEMAND in the Reports Gallery for every customer, after choosing from the filter. There is no frequency limit or size limit on requests by the customer on the platform. In addition, the customer can go to the Audit Trail screen on the standard left-side menu to get all configuration-related AUDIT logs for the entire period. This has been enabled for a 3-month period as standard. Beyond 3 months, the customer will have to download the logs and keep them in their local records folder. Customers would ideally like to be able to get audit logs of any, all or filtered activity on any module screen by specific role holders through the admin console for a defined period of time. That feature is currently not available on the front end of the ZingHR platform, web or mobile. Logs for critical screens are available and captured at the backend, but not for all screens. It will come as a feature in due course, based on customer needs.
Does ZingHR have a QUE mechanism to transmit server-side encrypted data?
ZingHR does not use any QUE data lake mechanisms currently. Encrypted data is pushed to the appropriate addresses in real time.
Are security certifications (SOC 2, VAPT, etc.) certified by approved agencies?
Yes, it is an annual process of constant re-certification by the ZingHR product organization. Customers choosing to have additional processes do so at separate commercials with ZingHR, as these are customer processes to be undertaken for both web and mobile applications.
How is the application patched for security issues?
ZingHR has deployed Barracuda WAF (Web Application Firewall), which detects and prevents attacks and vulnerabilities proactively. Barracuda WAF is a comprehensive web application security platform that secures apps, defends against bots and DDoS attacks, and accelerates application delivery. It provides granular logging, alerting, and reporting for management, compliance, or early warning detection. It is part of a comprehensive line of data protection, network firewall, and security products that assist us in robust protection from ever-increasing cyber threats.
The TLS 1.2 protocol is used in the ZingHR application model, and ZingHR has defined and built a high-level architecture with best security practices. ZingHR conducts third-party audits and VAPT and follows the best standards.
How frequently does the application require patching?
The ZingHR product is a global SaaS product on Microsoft Azure Cloud.
Patches are applied on the UAT server and reviewed; only after review are they applied on Production servers.
The Operating System Patch Management process is conducted once a month to address the vulnerabilities identified.
Who manages security incidents for ZingHR?
ZingHR has a designated security analyst for managing all security incidents.