Security / Accessing the system

We host multiple instances of the application in multiple data centres, and use traffic management technology to direct traffic to the fastest responding service. We are able to deploy changes to the system without making the service unavailable so we expect to have very high availability.

We back up data through replication on to hard disks into separate data centres based within the same country as the customer in separate availability zones. Customer data is well protected from loss because of failure in our infrastructure. Replication is real time and the infrastructure is resilient therefore we expect a very low probability of data loss or reduced availability from infrastructure failure.

We take point in time backups which execute every 10 minutes or less, in the extremely unlikely event of a BrightHR operator failure we would recover to a pointing in time backup.

Consumers would not therefore need to take additional backups to protect against failure of our infrastructure or process. The backups are secured using the same mechanism as the live data.

You can choose to allow users to use personal devices to access our systems, however, you should make clear in a data and systems policy what responsibilities they have. If you choose not to allow use of personal devices you will need to enforce this through a policy.

BrightHR can be used from anywhere on any device and will require the user to log in with their user name and password. You need to ensure that your users are aware of the risk this poses and how to minimise that risk. If, for example, a user used BrightHR on their own computer or mobile device, left their account logged in, and did not lock their computer or device then someone you have not authorised to use the system could gain access. This is the same as any software as a service you allow a user to access from their own devices.

We have a business continuity plan and a business continuity location separate from our main offices. We practice attendance and operation from that site regularly.

Here at BrightHR we take data security very seriously and following Microsoft's announcement that support for the Internet Explorer 11 browser will end in August 2021, meaning security updates for this browser will no longer be provided. We are unfortunately no longer able to support Internet Explorer 11, instead you'll need to use an alternative browser so that we can continue to provide the highest standard of security for you.

All our customer facing services are hosted in the cloud in a way that makes them highly available. Our internal systems are hosted in multiple public or private cloud data centres which ensures resilience against failures. Our business-critical systems can be securely accessed from any location using laptop computers, cloud telephony and software as a service platform. During lockdowns in response to the COVID-19 pandemic we enhanced our technology capability to completely operate the business outside of our normal office location.

You can view our current status via status.bright.hr. If you still have concerns you can contact our support team.

Each time we have an incident that’s customer impacting we will produce a Major Incident Report, this internal document contains details about the underlying cause of the incident and our response/s to it. These documents are for us to learn from in order to help reduce the opportunity for major incidents to occur going forwards. Our auditors for accreditations such as ISO27001 also have access during an audit to this information.