Security

Enterprise-grade security for Philippine HR data

Your employees trust you with their personal information. We take that responsibility seriously — with encryption, strict access controls, and full RA 10173 compliance built in from day one.

Security Pillars

Encryption at Rest & In Transit

All employee data is encrypted at rest using AES-256. All data in transit is protected with TLS 1.3. Encryption keys are managed using industry-standard key management practices.

Role-Based Access Control

Granular RBAC ensures every user sees only the data they need. Separate roles for HR Admin, Payroll Officer, Department Manager, and Employee Self-Service.

Secure Infrastructure

Hosted on ISO 27001-certified cloud infrastructure. Data centers in Singapore and Japan with enterprise SLA. Philippine data residency available for Enterprise clients.

Audit Trails & Logging

Every data access, modification, and login is logged with timestamp, user, and IP address. Audit logs are immutable and retained for 12 months.

Breach Detection & Response

24/7 automated threat detection with alerting. In the event of a breach, subscribers are notified within 72 hours in compliance with RA 10173 and NPC reporting requirements.

RA 10173 (Data Privacy Act) Compliance

HRISPH is registered with the National Privacy Commission (NPC). Our Data Protection Officer oversees all processing activities and employee data handling.

Compliance & Certifications

✓

ISO 27001

Infrastructure provider certified

Our cloud infrastructure provider maintains ISO 27001 certification.

✓

RA 10173 (DPA)

Compliant

NPC-registered, with Data Protection Officer and Privacy Management Program.

✓

PCI-DSS

Payment processor

Card payments processed by PCI-DSS Level 1 certified payment provider. We never store card numbers.

✓

DICT Cloud First Policy

Aligned

Architecture aligned with DICT guidelines for cloud services in the Philippines.

Technical Specifications

Encryption at Rest	AES-256
Encryption in Transit	TLS 1.3
Password Hashing	bcrypt (cost factor 12+)
Authentication	MFA enforced for Admin roles; TOTP or SMS OTP
SSO Support	SAML 2.0, OAuth 2.0, Google Workspace (Enterprise)
Session Timeout	Configurable; default 8 hours idle
Data Backups	Daily automated backups; 30-day retention; point-in-time recovery
Uptime SLA	99.9% (Starter/Pro); 99.99% (Enterprise)
Penetration Testing	Semi-annual third-party pen test
Audit Log Retention	12 months (active); 5 years (archived)

Found a security issue?

We appreciate responsible disclosure. Report security vulnerabilities to our security team directly.

security@hrisph.com Data Processing Agreement