Security
Your Data Security is of Paramount Importance
IT Infrastructure
System Design & Architecture
Horus’s architecture is designed to be reliable and secure. We have adopted an n-tier architecture with firewalls between tiers to provide a layer of protection.
Corporate network
HR Plus runs a zero-trust corporate network, so that no resource is granted additional privileges simply by being on our corporate network.
Our Data Center Provider
Horus is hosted and managed within Amazon Web Services (AWS) secure data centers. These data centers are operated under:
- ISO 27001
- SOC 1 and SOC 2/SSAE 16/ISAE 3402 (Previously SAS 70 - Type II)
- PCI Level 1
- FISMA Moderate
- Sarbanes-Oxley (SOX)
In addition, we make wide use of the services provided by AWS to increase network control across our entire system. More details are available in the AWS Whitepapers & Guides.
Our Data Storage Procedure
Horus’s services are only accessible with pre-defined authorization; access keys are rotated regularly and stored separately from our code and data.
We have also sandboxed production environments from testing environments so that security checks can run without affecting the surrounding applications or operating system.
Data Backups
We perform encrypted and secure backups of important data once per year.
Cybersecurity Measures
Data Encryption
We adopt industry-standard encryption algorithms with a minimum strength of AES-256 to fully encrypt all critical data (backups, archives and logs).
HTTPS & Firewall
HR Plus web resources, including our REST API, web app and public website, are all served over HTTPS. In addition, we disable weak cipher suites and only support TLS 1.2+.
Servers are protected by firewalls wherever they are not directly exposed to the internet.
Log Aggregation and Monitoring
We perform log aggregation and monitoring to identify anomalous or suspicious events. In addition, all sensitive data (e.g. passwords, personal identifiers, API keys, etc.) is filtered from our logs, and log data is fully expunged after a set period.
Disaster Recovery
Our services are distributed across multiple AWS availability zones and hosted in physically separate data centers, protecting services against the failure of a single data center.
Network Vulnerability Scans
HR Plus performs constant vulnerability scans using modern security tools. All third-party libraries and tools are closely monitored for any potential risk.
If new issues are reported for software used in our system, we ensure they are patched or updated as soon as a fix is available.
Internal Security Training
HR Plus understands that most data breaches result from human error. We are committed to providing mandatory and continuous security training to all HR Plus employees. In addition, all HR Plus employees are required to sign confidentiality agreements.
User Authentication
Secure SSO (Single Sign On)
HR Plus adopts modern secure SSO standards, including SAML, OpenID, and OAuth.
Passwords
HR Plus stores passwords as irreversible cryptographic hashes, so the stored information is in a form from which the original password can never be retrieved.
Authentication Rule
Authentication sessions are invalidated when users change key account information, and sessions expire after a set period of inactivity.
In addition, we limit authentication attempts on all accounts, and our system blocks IP addresses when suspicious authentication activity occurs.
Role-based Access Control (RBAC)
Horus implements Role-based Access Control with different permission levels. We ensure that each defined type of user can access only the information they require, minimizing potential security risk.
Compliance & Privacy Policy
HR Plus has a comprehensive compliance and privacy policy covering topics from our commitment to the EU’s General Data Protection Regulation (GDPR) to the Hong Kong SAR Personal Data (Privacy) Ordinance.
In addition, we have developed a compliance training programme to ensure all our employees comply with our compliance guidelines.
For more information, please see our Privacy Policy Page.
Vulnerability Disclosure Policy
HR Plus has an incident response procedure to respond to unauthorized disclosure of data and other security incidents.
If you have any concerns or experience a security issue, please email us at Security&Privacy@hrplus.info and we will investigate swiftly.