Application Security in compACT
Data security and privacy are critical concerns for HCM customers, so we believe it is essential that customers understand how compACT protects their data within the system.
Sign-up Security and Secure login
From the moment you start accessing compACT, all communication is encrypted. We employ two-factor authentication or single sign-on. Passwords are stored in encrypted form in our systems. If you suspect that someone has had access to your password, please contact us immediately.
Session Time out (automatic log-off)
The compACT system will automatically log you off after a certain period of inactivity. This reduces the risk of others accessing your information from an unattended computer.
User Permissions
compACT uses an RBP (Role Based Permission) framework to control data access for different users. The RBP framework allows granular management of field-level permissions across most compACT features. Permission Roles are created and then assigned to users. Because rights are granular at field level, each permission (e.g. view, edit, correct, delete) can be controlled for each field in each role. Access to transactions and administrative functionality is also controlled at a fairly granular level: almost all fields, menu items, and screen actions can be individually permitted.
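The following is an added illustration of the field-level permission model described above; it is example code, not compACT's own implementation. Role names, field names and the record are constructed for the example, and anything not explicitly granted to a role is denied.

```python
"""Field-level role-based permission (RBP) check: permission roles carry
per-field actions, users are assigned roles, and anything not explicitly
granted is denied. Hypothetical model, not compACT's own code."""
from dataclasses import dataclass, field
from typing import Dict, List, Set

ACTIONS = {"view", "edit", "correct", "delete"}


@dataclass
class PermissionRole:
    name: str
    # field name -> set of actions granted on that field
    field_actions: Dict[str, Set[str]] = field(default_factory=dict)
    # menu items / transactions this role may open
    menu_items: Set[str] = field(default_factory=set)


@dataclass
class User:
    user_id: str
    roles: List[PermissionRole]


def allowed_actions(user: User, field_name: str) -> Set[str]:
    """Union of the actions granted on a field across all of the user's roles."""
    granted: Set[str] = set()
    for role in user.roles:
        granted |= role.field_actions.get(field_name, set())
    return granted


def can(user: User, action: str, field_name: str) -> bool:
    """Deny by default: an unknown action or an ungranted field is refused."""
    return action in ACTIONS and action in allowed_actions(user, field_name)


def can_open(user: User, menu_item: str) -> bool:
    """Menu/transaction access is granted only if some assigned role lists it."""
    return any(menu_item in role.menu_items for role in user.roles)


def visible_fields(user: User, record: dict) -> dict:
    """Project a record down to the fields the user may view; other fields are
    dropped entirely rather than blanked, so the client never sees their names."""
    return {k: v for k, v in record.items() if can(user, "view", k)}


# Constructed sample roles and users (hypothetical, not from the product)
HR_ROLE = PermissionRole("HR", {"name": {"view", "edit"}, "salary": {"view", "edit", "correct"}, "ssn": {"view"}}, {"payroll"})
MANAGER_ROLE = PermissionRole("Manager", {"name": {"view"}, "salary": {"view"}})
SUPER_ADMIN = PermissionRole("SuperAdmin", {f: set(ACTIONS) for f in ("name", "salary", "ssn")}, {"payroll", "admin"})
hr_user, manager, admin = User("u1", [HR_ROLE]), User("u2", [MANAGER_ROLE]), User("u3", [SUPER_ADMIN])
```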
HR Role Assignment
Super Admin Role Assignment
compACT SaaS hosting IT Infrastructure
One of the biggest concerns for companies considering a SaaS solution is security. While many feel they have complete control of security only with an on-premises setup, it is worth highlighting that compACT has a robust set of security standards and mechanisms in place to protect its systems and its customers’ data. There is a widespread perception that data is less secure in the cloud, yet in reality the opposite is more likely to be true. Although larger customers using an on-premises setup may have dedicated security teams, many smaller customers do not have the resources to dedicate a specialist team to managing security in the way that a cloud vendor like Kinixsys can.
Internally, Kinixsys classifies security as a product itself and it has a strong focus on data handling, privacy, and protection. Kinixsys is a specialist in processing and protecting customer data. Since providing secure software services is the core business of Kinixsys, it has in-house expertise to provide the correct level of protection that is required to safeguard users’ sensitive data.
When it comes to handling customer data, Kinixsys is contractually a data processor and not a data controller. It has no rights to customer data and can only perform the actions on users’ data that are specified in the contract between the two parties. The customer always retains ownership of its data and can, at any point, download a CSV file of all its data from Kinixsys compACT.
compACT security standards are based on the strict UK BS10012 standards for data privacy and the ISO27002 framework for security standards. compACT also complies with a host of continental and global security standards and certifications, including:
- EU Directive 95/46/EC (also known as the Data Protection Directive)
- Payment Card Industry Data Security Standard (PCI DSS)
- ISO27002
- BS10012
- SSAE-16 SOC2
- ASIO-4
- FIPS 140-2 level 3 certification
- U.S. government FISMA accreditation (OPM/DHS/NTIS)
- Safe Harbor certification
compACT has various security protections at each of the layers of its service and infrastructure, including the physical site, database, middleware, application, and network and communication channels.
Security testing
The security of the compACT website setup and its review are based on OWASP recommendations. Our internal security experts conduct security reviews multiple times a year to ensure we meet all industry standards. We employ CREST certified third-party companies to perform security audits on our website and development environment to ensure our customers’ data and transactions are secure. All web and database servers are tested and patched as and when security updates are made available.
Encryption
compACT employs strong, commercially available encryption solutions to ensure data is encrypted in transit and at rest. During any transaction, 256-bit SSL encryption turns your information into a coded sequence with billions of possible variations, making it nearly impossible for unwanted intruders to decipher. Look for a “closed lock” icon in your browser to confirm that encryption is being used on the web page you are viewing. Any web address beginning with “https://…” indicates that the page you are viewing uses encryption; the “s” stands for “secured.”
On the database layer, compACT has numerous controls for activity monitoring and blocking, data-change logging, and auditing on its databases, and classified stored data is encrypted. All changes to data are logged in unalterable log files with a variety of attributes. Additionally, data is backed up on a nightly and weekly basis.
compACT’s Digital defense network:
A Barracuda Web Application Firewall in high-availability clustered mode, together with Microsoft Azure security protection, is used to create a multi-layer security network. The Barracuda Web Application Firewall is an ICSA Labs certified web application firewall.
Constant protection from evolving threats: the Barracuda Web Application Firewall provides superior protection against data loss, DDoS, and all known application-layer attack modalities. Automatic updates provide defence against new threats as they appear; as new types of threat emerge, it acquires new capabilities to block them.
Endpoint security
All web and database servers have Symantec Endpoint security enabled for continuous antivirus protection and data leakage prevention.
System Availability
Kinixsys contractually promises a minimum of 99 percent system availability to customers outside of regular and emergency maintenance windows and, as a result, has carefully considered the steps required to maintain high availability. Performance is also a critical factor for high user satisfaction. The servers used for every tier of the service (e.g. network, database, and application) are clustered and load balanced to spread traffic demand and act as a failover to prevent interruption or loss of service. Fallback servers, replicas of the active production servers, are on standby in case of an upsurge in usage.