At myhrtoolkit we understand just how important security and information safeguarding are to our customers. With that in mind, we employ modern security best practice to ensure that your data is safe. Additionally, myhrtoolkit are registered with the Office of the Information Commissioner as a data processor. The following sections outline our security and support systems.
State-of-the-art secure hosting
The best security needs to extend all the way to the hardware level. Myhrtoolkit resides on a cluster of advanced, secure Rackspace servers (www.rackspace.co.uk) that are protected by a sophisticated firewall and intrusion detection/prevention system. Rackspace are known for their fanatical support and ensure that all of our servers are kept up to date with the very latest security measures and patches.
Our servers sit behind a Cisco ASA firewall. All services and ports other than standard web ports are either removed or locked down by IP address. The servers run a patched and hardened installation of Red Hat Enterprise Linux with intrusion detection and anti-virus applications.
If, after reading this document, you require further information regarding Rackspace and the services they provide to us, we would be pleased to pass you on to our account contact.
Myhrtoolkit utilises the best encryption available. Our certificates are encrypted with 256-bit encryption and all data that passes between you and our servers is encrypted with industry-standard 128-bit encryption.
All passwords are encrypted using standard AES encryption algorithms. General data is obfuscated but not encrypted, as it needs to be searchable and indexed. Encrypting all field-level data would impact performance too much and isn’t feasible. This is a standard configuration.
We regularly update our encryption methods to ensure that we drop support for weak ciphers and apply security patches as soon as they are available.
Connections to and from our servers take place over SSL. We have strengthened our SSL (or, more accurately, TLS) connections significantly and only support strong cipher suites. Weaker SSL v2 and v3 protocols are not supported and TLS 1.0 will be dropped in due course.
We are not PCI DSS audited but, where possible, we use the PCI DSS standards as best practice. We have achieved an A grade from Qualys SSL Labs, which can be seen at https://www.ssllabs.com/ssltest/analyze.html?d=app.myhrtoolkit.com
Each week our server is scanned by Netcraft for vulnerabilities. Any found are patched within days. From the Netcraft website: “Netcraft updates its test suite daily, adding new tests for the latest security exploits. A site with an up to date ‘Audited by Netcraft’ seal is your assurance that the site owner is vigilant and maintaining the security of their site against the latest Internet security vulnerabilities.” You can see our current Audited by Netcraft status and more information at https://audited.netcraft.com/clickthroughs/1238ab9e08660ddcc8c2755b87aff86a.html
Denial of Service (DoS) attack
To maintain a solid defence against DoS-type attacks, our hosting partner Rackspace utilises a sophisticated proprietary system to prevent a DoS attack at the hardware level.
Brute Force attack
Our login system has inbuilt protection against attempts to break into the system using automated brute-force attacks.
We understand the importance of regular, solid backups. Our backup routine consists of daily differential and weekly full backups. These are stored at Rackspace for 2 weeks and also encrypted and sent off-site for 30 days. Rackspace use Iron Mountain for their off-site data retention and, to ensure Rackspace’s PCI DSS compliance, these backups are handled in compliance with PCI DSS requirements. If you require more information about Rackspace or their partners, please visit http://www.rackspace.co.uk/certifications.
Myhrtoolkit are happy to help you with your data retention requirements. Upon closure of an account, we hold customer data for a further month before deleting all data, rendering it non-recoverable.
Service & Support
Myhrtoolkit comprises a team of professionals who are dedicated to making myhrtoolkit both highly secure and extremely reliable. We are committed to ensuring that when a problem does arise we are responsive and quick to resolve it.
At the hardware level, the Rackspace SLA guarantees 100% network uptime and a 1-hour replacement for any hardware failure upon diagnosis.
When you do need support, you can find a fully integrated help section within myhrtoolkit. Here you can find a guide to using myhrtoolkit as well as a form to send a direct message to the myhrtoolkit Support team. Additionally, there is a wide range of support documents and videos in the support areas of our website at https://www.myhrtoolkit.com/support/.
Alternatively, support is available by email from a member of the team within myhrtoolkit business hours: 09:00 – 17:00, Monday to Friday (UK time).