Security principles embedded on all system layers
We protect your data
FledgeHR is designed with data protection and security in mind. We perform detailed analysis in all development and hosting phases of the system’s modules taking into account risk assessment, information security and data protection. The output is then applied on all application levels from design documents to low level algorithms and libraries so that information security is embedded in FledgeHR both through our people’s knowledge and through the underlying platform.
Data transmitted and stored in FledgeHR is served to and from your browser under secure connection SSL (Secure Socket Layers)
Where is your data stored
FledgeHR uses Microsoft Azure cloud and Azure SQL database as its native hosting and processing platform coupled with highly scalable and proven web development languages, tools and practices.
Azure is designed by Microsoft with industry-leading security measures and privacy policies to safeguard your data in the cloud, including the categories of personal data identified by various regulations. Read more about Azure security here
All FledgeHR data is stored on Microsoft Datacenters located in Europe, in Netherlands and Ireland. Read more about Azure locations here.
Managing access and controlling how data is used and accessed
FledgeHR helps ensure that only authorized users with valid credentials can access the data.
The system follows recommended best practices for data protection and authentication, such as using separate accounts to authenticate users and applications. This enables limiting the permissions granted to users and applications and reduces the risks of malicious activity.
The underlying database server of FledgeHR, Microsoft SQL, provides the following built-in solutions that help in achieving greater security.
Azure SQL Database Firewall
When creating a database server in Azure, a firewall is set up to help protect the data. The firewall prevents all access to the database server until explicit access permissions are specified, based on the originating IP address of each request.This allows only necessary services to connect to the database, to ensure full functionality across Azure services.
This feature is used to restrict access according to specific user entitlements. We use Row-Level Security to control access to rows in a database table based on the characteristics of the user. In this way, only database users that have a specific need to access data in a database row will be granted that access. For example, every company using FledgeHR can access only those data rows that are pertinent to their setup.
The restrictions are applied every time that data access is attempted from any tier. This makes the security system more reliable and robust by reducing the system’s surface area.
Transparent Data Encryption
Transparent Data Encryption (TDE) addresses the scenario of protecting the data at the physical storage layer. TDE performs real-time encryption and decryption of the database, associated backups, and transaction log files.
This ensures that if these files are moved to another server, they cannot be opened and viewed on that server.
We rely on Azure’s native automatic database backup processes and we perform additional daily backups, so we can have your data safe and restorable within minutes in case of a major impact on the business continuity.
Contact us for more information!