About us
A Secure and Trusted Partner
When you’re sharing employee data and other potentially sensitive information with people outside of your organisation, you want to know that it’s processed and stored securely.
At WorkNest, we take a stringent approach to data privacy and have robust systems in place to ensure confidentiality, integrity and availability.
Application security
Encryption
All our web portals use HTTPS encryption, which means connections between you and our portal are protected using the latest TLS encryption.
Web firewalls
Our firewalls and DDoS attack prevention technologies defend against application attacks such as SQL injection, cross-site scripting attacks and session hijacks. Our firewalls handle threats identified by the Open Web Security Project common vulnerabilities.
Data centre and hosting
Our applications are hosted within Microsoft Azure cloud services. Microsoft Azure provides ISO 27001 HIPAA, FedRAMP, SOC 1 and SOC 2 certifications. The certified protections include dedicated security staff, strictly managed physical access control, and video surveillance.
Patch management
Our patch management process ensures that all our machines and workstations are quickly updated with the latest security fixes. We run regular auditing of our infrastructure and devices.
Penetration testing
We undertake penetration testing on all our applications and external infrastructure regularly to identify potential vulnerabilities.
Data privacy
Your data will be securely stored in our applications and ring-fenced from other customers’ data.
We use application roles to ensure only the appropriate departments have access.
We store your data within the UK and will never transfer your data outside the UK without permission.
Our standard retention policy is seven years and we only keep the data we need to fulfil our service.
Data security is of great importance to us at WorkNest and we have the appropriate data safeguards and procedures in place to protect your data.
