Our Data Security | Security | HR Plus
Your Data Security with HR Plus

Your Data Security is of Paramount Importance

We implement security best practices both technically and procedurally to minimize any foreseeable security risk, ensuring you and your organization to enjoy the benefit of our offerings without extra security concerns.

IT Infrastructure

System Design & Architecture

Horus’s architecture is designed to be reliable and secure. We have adopted n-tire architecture with firewall in-between tiers to provide layer of protection.

Corporate network

HR Plus runs a zero-trust corporate network to ensure no other resources are granted additional privileges from being on our corporate network. 

Our Data Center Provider

Horus is hosted and managed within Amazon Web Services (AWS) secure data centers. These data centers have been operated under:

  • ISO 27001
  • SOC 1 and SOC 2/SSAE 16/ISAE 3402 (Previously SAS 70 - Type II)
  • PCI Level 1
  • FISMA Moderate
  • Sarbanes-Oxley (SOX)

In addition, we are widely adopted services provided by AWS to increase network control in our entire system. You may visit  more details at AWS Whitepapers & Guides.

Our Data Storage Procedure

Horus’s Services are only accessible upon pre-defined authorization and access keys are rotated in a timely manner and stored individually from our code and data. 

We have also sandboxed production environments from testing environments to run security check without affecting the surrounding applications or operating system.

Data Backups

We perform encrypted and secure backups of important data once per year.

Cybersecurity Measures

Data Encryption

We adopt industry standard encryption algorithms with a minimum strength of AES-256 to fully encrypted all critical data (backups, archives and logs). 

HTTPS & Firewall

HR Plus web resources, including our REST API, web app, and public website are all served with HTTPS. In addition, we disable weak cipher suites and only support TLS 1.2+ 

Servers are well-protected by firewalls where not directly exposed to the internet. 

Log Aggregation and Monitoring

We perform log aggregation and monitoring to identify anomalous or suspicious events. In addition, all sensitive data (e.g. passwords, personal identifier, API Keys and etc.) are filtered from our logs and log data is fully expunged at set amount of period.

Disaster Recovery

Our services are distributed across multiple AWS availability zones and hosted in physically separate data centers, protecting services against single data center failures

Network Vulnerability Scans

HR Plus perform constant scan for vulnerability via modern security tools. All third-party libraries and tools are closely monitor for any potential risk. 

If there are new issues reported for software we used in our system, we ensure they are patched / updated upon the earliest availability. 

Internal Security Training

HR Plus understand most data beaches happened with manual mistakes. We are committed to provide mandatory and continuous security training to all HR Plus employees. In addition, all HR Plus employees are required to sign confidentiality agreements. 

User Authentication

Secure SSO (Single Sign On)

HR Plus adopts modern secure SSO standards, including SAML, OpenID, and OAuth.


HR Plus stored passwords in an irreversible cryptographic hash to ensure the information is stored is a form that can never be retrieved. 

Authentication Rule

Authentication session will be invalidated upon users change key information and session is set to be expired after a set period of inactivity.

In addition, we set limit on authentication attempts on all accounts and our system will block IP addresses when suspicious authentication activity is occurred. 

Role-based Access Control (RBAC)

Horus implement Role-based Access Control feature with different permissions levels. We ensures the defined type of users only access information they required to minimize potential security risk. 

Compliance & Privacy Policy

HR Plus has a comprehensive compliance & privacy policy covering topics from our commitment to follow EU’s General Data Protection Regulation (GDPR) to Hong Kong SAR Personal Data (Privacy) Ordinance.

In addition, we develop compliance training programme to ensure all our employees complying to our compliance guideline.

For more information, please see our Privacy Policy Page.

Vulnerability Disclosure Policy

HR Plus has an incident response procedure to response to unauthorized disclosure of data and other security incident.

If you have any concerns or experience a security issue, please email us at Security& and we will investigate swiftly after.

Ready to reshape your employee experience?

Speak to an expert about our solutions

By submitting this form, you agree to receive marketing information from HR Plus as set out in our Privacy Statement. You may unsubscribe at any time.

Yes, I would like to receive marketing communications regarding HR Plus products,services, and events *