Security at Zinob HR

We implement enterprise-grade security measures to protect your sensitive employee data. Security is not an afterthought—it's foundational to everything we build.

Our Security Measures

Encryption

AES-256 encryption for data at rest and TLS 1.2+ for data in transit, protecting sensitive employee information.

Access Control

Role-based access control (RBAC) ensures only authorized personnel can access specific employee data.

Audit Logging

Comprehensive audit trails of all data access and modifications for compliance and forensic analysis.

Threat Monitoring

24/7 monitoring for suspicious activities, unauthorized access attempts, and potential security threats.

Compliance

Adherence to Nepal labor laws, OWASP guidelines, and international data protection best practices.

Incident Response

Rapid response procedures for security incidents with notification to affected parties within 72 hours.

Data Protection and Encryption

Zinob HR employs multiple layers of encryption and security to protect sensitive employee data:

  • Data at Rest: All employee data stored in our databases is encrypted using AES-256 encryption, the same standard used by government and financial institutions.
  • Data in Transit: All communication between client devices and our servers uses TLS 1.2 or later, protecting data from eavesdropping and tampering while in transit.
  • Secure Infrastructure: Our systems are hosted on secure, redundant servers with automatic failover capabilities and regular backups stored in geographically distributed locations.
  • Key Management: Encryption keys are securely managed and rotated regularly following industry best practices.

Access Control and Authentication

We implement strict access controls to ensure only authorized personnel can access employee data:

  • Role-Based Access Control (RBAC): Each user role (HR Manager, Employee, Admin) carries a distinct set of permissions, and record-level checks restrict an employee to their own record while HR Managers and Admins can access the records they are authorized to manage.
  • Multi-Factor Authentication (MFA): Optional 2FA adds an extra security layer by requiring a second verification method beyond passwords.
  • Strong Password Requirements: System enforces strong password policies and regular password changes for administrative accounts.
  • Session Management: Automatic idle-session timeouts and secure session handling limit the window in which an abandoned session can be abused.
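The interplay of these controls is easiest to see in code. What follows is an added illustration written for this page, not Zinob HR's own code: a server-side check that first enforces an idle timeout, then a role permission, then record ownership, so that an employee with a valid session still cannot read another employee's record. The role names are the page's; the permission sets, the 30-minute timeout, the field names and the sample records are assumptions made for the example.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone

# Illustrative values, not Zinob HR's configuration.
IDLE_TIMEOUT = timedelta(minutes=30)
T0 = datetime(2024, 1, 1, 9, 0, tzinfo=timezone.utc)  # fixed clock so results are reproducible

# Role names follow the page; the permission sets are assumed.
ROLE_PERMISSIONS = {
    "Employee":   {"read_own"},
    "HR Manager": {"read_own", "read_any", "update_any"},
    "Admin":      {"read_own", "read_any", "update_any", "delete_any"},
}


@dataclass
class Session:
    user_id: str
    role: str
    last_seen: datetime


@dataclass
class EmployeeRecord:
    employee_id: str
    owner_user_id: str   # login that this record belongs to
    salary: int


# Constructed sample data for the demo, not real employees.
SAMPLE_RECORDS = {
    "E-001": EmployeeRecord("E-001", "alice", 85000),
    "E-002": EmployeeRecord("E-002", "bob", 72000),
}


def make_session(user_id, role, idle_minutes=0):
    """Build a session whose last activity was `idle_minutes` before T0."""
    return Session(user_id, role, T0 - timedelta(minutes=idle_minutes))


def session_is_active(session, now=T0):
    """Idle timeout: a session untouched for longer than IDLE_TIMEOUT is dead."""
    return now - session.last_seen <= IDLE_TIMEOUT


def authorize(session, action, record, now=T0):
    """Return 'ok', 'expired' or 'forbidden' for `action` on `record`.

    The check is role-based AND record-based: holding the Employee role is
    not enough to read a record, the record must belong to the caller.
    Unknown roles and unknown actions are denied by default.
    """
    if not session_is_active(session, now):
        return "expired"
    perms = ROLE_PERMISSIONS.get(session.role, set())
    if action == "read":
        if "read_any" in perms:
            return "ok"
        if "read_own" in perms and record.owner_user_id == session.user_id:
            return "ok"
        return "forbidden"
    if action == "update" and "update_any" in perms:
        return "ok"
    if action == "delete" and "delete_any" in perms:
        return "ok"
    return "forbidden"


def read_record(session, employee_id, records=SAMPLE_RECORDS, now=T0):
    """Fetch a record on behalf of `session`; returns (status, record or None).

    A missing ID is reported exactly like a forbidden one, so a caller cannot
    use the response to enumerate which employee IDs exist.
    """
    if not session_is_active(session, now):
        return ("expired", None)
    record = records.get(employee_id)
    if record is None:
        return ("forbidden", None)
    status = authorize(session, "read", record, now)
    if status != "ok":
        return (status, None)
    session.last_seen = now          # successful use refreshes the idle timer
    return ("ok", record)


if __name__ == "__main__":
    for who, role in [("alice", "Employee"), ("bob", "Employee"), ("carol", "HR Manager")]:
        status, rec = read_record(make_session(who, role), "E-001")
        print(f"{who:6} ({role}) reading E-001 -> {status}")
    print("alice after 31 idle minutes ->",
          read_record(make_session("alice", "Employee", 31), "E-001")[0])
```

The point the example makes is that a role check on its own is not an access control: bob holds exactly the same role as alice and is still refused her record, because the decision is taken per record on the server, and it is taken again on every request rather than once at login.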

Compliance and Standards

Zinob HR adheres to international security standards and Nepal-specific compliance requirements:

  • Nepal Labor Laws: Full compliance with Nepal's labor regulations, employment standards, and wage requirements.
  • Tax Compliance: Adherence to Nepal's income tax regulations and social security contribution requirements.
  • OWASP Guidelines: We follow OWASP (Open Worldwide Application Security Project) guidelines for secure web application development.
  • Regular Security Audits: Third-party security audits and penetration testing are conducted regularly to identify and remediate vulnerabilities.
  • Data Protection: Compliance with international data protection principles and best practices for handling sensitive personal information.

Monitoring and Incident Response

We maintain comprehensive monitoring and rapid response procedures:

  • 24/7 Security Monitoring: Our security team continuously monitors systems for suspicious activities, unauthorized access attempts, and anomalies.
  • Intrusion Detection: Automated systems detect and alert on potential security threats in real-time.
  • Incident Response Plan: Documented procedures for responding to security incidents, including investigation, containment, and notification.
  • Breach Notification: In case of data breach, we notify affected parties and relevant authorities within 72 hours as required by law.
  • Post-Incident Analysis: After any incident, we conduct thorough analysis to prevent recurrence and strengthen security.

Backup and Disaster Recovery

We implement comprehensive backup and disaster recovery procedures:

  • Automated Backups: Automatic daily backups of all data with multiple redundant copies.
  • Geographic Distribution: Backups stored in geographically distributed locations to protect against regional disasters.
  • Regular Testing: Periodic testing of backup and recovery procedures to ensure data can be restored quickly.
  • Recovery Time Objective (RTO): We maintain an RTO of 4 hours to minimize service disruption. Note that the RTO bounds how long restoration takes, not how much data a restore can lose; with daily backups, changes made since the most recent backup may need to be re-entered.

Employee and Organizational Responsibilities

While we maintain robust security measures, organizations and users also play a critical role:

  • Strong Passwords: Use strong, unique passwords and change them regularly. Never share credentials.
  • Enable 2FA: Activate two-factor authentication for added security.
  • Report Issues: Immediately report any suspicious activity or security concerns to your administrator.
  • Keep Software Updated: Ensure your devices, browsers, and operating systems are up to date with latest security patches.
  • Secure Network: Use secure, password-protected networks when accessing the system.
  • Data Backup: Organizations should maintain their own backups of critical data.

Security Concerns?

If you have any security concerns, questions about our security practices, or need to report a potential vulnerability, please contact us immediately. We take all security reports seriously and respond promptly.

Security and Compliance Team

Email: [email protected]

Phone: +977-1-5705005

Response time: Within 24 hours for security inquiries