Scroll

Committed to keeping your data secure and private.

Our Tandem understand the trust our customers, employees and shareholders put in us to protect and respect their data, and so we have adopted rigorous processes to constantly secure this data.

Compliance
ISO/IEC 27001:2013 Certified and GDPR compliant. Test link
Security
We follow a best standard Information Security Management approach. Test link
Data Privacy
Adhere to global data protection regulations and obligations and take a privacy by design approach with flexible configuration. Test link
Reliability
Committed to maintaining excellent reliability and availability of our cloud-based applications which we monitor 24/7/365. Test link

Compliance Certifications

ISO/IEC 27001:2013 certified with regular documented audits by external accredited 3rd parties.

GDPR compliant protecting our customers and employee’s data and monitored by accredited external parties.

We follow a best standard Information Security Management approach We follow a best standard Information Security Management approach We follow a best standard Information Security Management approach We follow a best standard Information Security Management approach We follow a best standard Information Security Management approach We follow a best standard Information Security Management approach We follow a best standard Information Security Management approach We follow a best standard Information Security Management approach

Organisational Security

People are at the centre of our Information Security Management System (ISMS). We are committed to the highest standards of protecting and safeguarding the data we are responsible for.

Application Security

Our services are available via web browser, O365 plugin or mobile applications. All our web application architecture conforms to OWASP Security Practices. We enable SSO using SAML2.0 protocol, password management, audit tracing and logging with 24/7 scanning and monitoring.

Network Cloud Security

Our hosting partner is Amazon Web Services (AWS), and data is processed and stored in AWS data servers located in Europe via Virtual Private Cloud solution and regular 3^rd party vulnerability scanning and penetration testing.

Secure Development

We follow an Agile Development Methodology which is documented in our Software Development Lifecyle Policy. All data is segregated using multiple development, preview and production environments.

Data Security

All customer data is encrypted both in transit and at rest utilising industry best-practices. For Data in Transit the application is available via TLS v1.2 connection only (HTTPS protocol). Data at rest is encrypted by default with the industry standard AES-256 encryption algorithm.

Integration

customer data can be integrated via either SCIM API or SFTP file upload and integration available to all major HR ERP platforms.

Application Monitoring & Scanning

All systems and applications are regularly monitored with automated tools and kept up to date with the latest security patches in accordance with our internal system change control and management policy and any critical patches are deployed immediately.

We adhere to global data protection regulations and obligations.

Data Compliance – Our Data Processing Agreements and legal contracts clearly articulate obligations of our customers as data controllers and obligations of Our Tandem as data processor with legal commitments on how we will process and protect customer data.

Data Storage – All EEA data is stored and backed up in EEA data centres and all our sub-contractors follow GDPR Principals

Data Breach – We investigate any potential data breaches immediately and notify Security Breaches we become aware of within 72 hours to the appropriate data regulator.

Rights of Data Subjects – Our Tandem have processes in place to facilitate the Rights of Data Subjects in line with GDPR.

We are committed to maintaining reliability and availability of our cloud-based applications which we monitor 24/7/365.

Availability – We commit to maintaining a minimum availability of 99.5% uptime.

Incident Response – Our Business Continuity Plan (BCP), Disaster Recovery (DR), Data Backup, and Incident Management approaches are in line with ISO 27001 framework.

Logging & Monitoring – All logs are stored in AWS CloudWatch with automatic backups to S3 and stored for inspection. All administration access and activity are traced and logged using AWS CloudTrail.

We embed privacy by design into our product and development lifecycle through completion of DPIA’s and a focus on putting our customers in control of their data with flexibility to manage data privacy settings.

Some of our market leading functionality which puts customers in control of their data include:

Ability to turn on or off publishing of Data Privacy Statements and Consent settings.
Ability to set your own password policies & session time out settings.
Configuration of Data retention periods for both active and inactive users.
Anonymised survey data to protect recipient and contributor and aggregated data analytics.
SSO/SAML2.0 login, advanced user authentication and permission settings localised to each customer to control access groups and role permissions.
Feedback and goal settings which can be set to public or private with flexibility to change these configurations.
Restriction of confidential data between relevant individuals e.g., Performance Review or Check-ins only visible between manager and employee.
Hard Data Deletion when data is no longer required, or customer agreement terminated.