Shaping culture for an agile world

Committed to keeping your data secure and private.

 

Our Tandem understand the trust our customers, employees and shareholders put in us to protect and respect their data, and so we have adopted rigorous processes to constantly secure this data.

  • Compliance
    ISO/IEC 27001:2013 Certified and GDPR compliant.
  • Security
    We follow a best standard Information Security Management approach.
  • Data Privacy
    We adhere to global data protection regulations and obligations and take a privacy-by-design approach with flexible configuration.
  • Reliability
    Committed to maintaining excellent reliability and availability of our cloud-based applications which we monitor 24/7/365.

Compliance Certifications

  • ISO/IEC 27001:2013 certified with regular documented audits by external accredited 3rd parties.

 

  • GDPR compliant, protecting our customers' and employees' data, and monitored by accredited external parties.

We follow a best standard Information Security Management approach.

Organisational Security 

People are at the centre of our Information Security Management System (ISMS). We are committed to the highest standards of protecting and safeguarding the data we are responsible for.

Application Security

Our services are available via web browser, O365 plugin or mobile applications. All our web application architecture conforms to OWASP Security Practices. We enable SSO using the SAML 2.0 protocol, password management, and audit tracing and logging, with 24/7 scanning and monitoring.

Network Cloud Security

Our hosting partner is Amazon Web Services (AWS). Data is processed and stored on AWS data servers located in Europe within a Virtual Private Cloud solution, with regular 3rd party vulnerability scanning and penetration testing.

Secure Development

We follow an Agile Development Methodology which is documented in our Software Development Lifecycle Policy. All data is segregated using multiple development, preview and production environments.

Data Security

All customer data is encrypted both in transit and at rest utilising industry best practices. For data in transit, the application is available via a TLS v1.2 connection only (HTTPS protocol). Data at rest is encrypted by default with the industry standard AES-256 encryption algorithm.

Integration

Customer data can be integrated via either SCIM API or SFTP file upload, and integration is available to all major HR ERP platforms.

Application Monitoring & Scanning

All systems and applications are regularly monitored with automated tools and kept up to date with the latest security patches in accordance with our internal system change control and management policy. Any critical patches are deployed immediately.

We adhere to global data protection regulations and obligations.

Data Compliance – Our Data Processing Agreements and legal contracts clearly articulate obligations of our customers as data controllers and obligations of Our Tandem as data processor with legal commitments on how we will process and protect customer data.

Data Storage – All EEA data is stored and backed up in EEA data centres and all our sub-contractors follow GDPR principles.

Data Breach – We investigate any potential data breaches immediately and notify the appropriate data regulator of Security Breaches we become aware of within 72 hours.

Rights of Data Subjects – Our Tandem have processes in place to facilitate the Rights of Data Subjects in line with GDPR.

We are committed to maintaining reliability and availability of our cloud-based applications which we monitor 24/7/365.

Availability – We commit to maintaining a minimum availability of 99.5% uptime.

Incident Response – Our Business Continuity Plan (BCP), Disaster Recovery (DR), Data Backup, and Incident Management approaches are in line with the ISO 27001 framework.

Logging & Monitoring – All logs are stored in AWS CloudWatch with automatic backups to S3 and stored for inspection. All administration access and activity are traced and logged using AWS CloudTrail.

We embed privacy by design into our product and development lifecycle through completion of DPIAs and a focus on putting our customers in control of their data with flexibility to manage data privacy settings.

Some of our market-leading functionality that puts customers in control of their data includes:

  • Ability to turn on or off publishing of Data Privacy Statements and Consent settings.
  • Ability to set your own password policies & session timeout settings.
  • Configuration of Data retention periods for both active and inactive users.
  • Anonymised survey data to protect recipient and contributor and aggregated data analytics.
  • SSO/SAML2.0 login, advanced user authentication and permission settings localised to each customer to control access groups and role permissions.
  • Feedback and goal settings which can be set to public or private with flexibility to change these configurations.
  • Restriction of confidential data between relevant individuals e.g., Performance Review or Check-ins only visible between manager and employee.
  • Hard Data Deletion when data is no longer required or the customer agreement is terminated.

Trusted by large enterprises, worldwide.

Our Tandem is trusted by enterprise organisations in 53 countries, on six continents around the world.

 
