Certified Security

The trust of our clients and users has taken us far. For this reason, we commit every day to protecting your data with the best security measures.

We hold renowned certifications

Thanks to this effort, we have ensured that security at Bizneo HR is backed by renowned certifications, which we strive to keep up to date, meeting the strict security measures required.

  • At the international level: ISO 27001 & ISO 9001

Furthermore, Bizneo complies with the requirements established by the GDPR, from data processing throughout its entire lifecycle to the location of our servers, which are always hosted within EU-based instances.


Comprehensive Data Protection

We regularly review our systems to identify new risks and evaluate implemented mitigation measures, conducting a thorough analysis at least once a year or in the following cases:

  • When there are changes in information
  • When there are changes in services
  • If a serious security incident occurs
  • If significant non-conformance issues are detected in our internal or external audits
  • Considering legislative changes
  • If new quality requirements arise
  • Our Security team stays up to date with the latest vulnerabilities and patches to keep our infrastructure secure against attacks, such as recent attacks targeting SSL protocols.
  • Within our secure development process, during the continuous integration phase, all recent vulnerabilities identified by leading application security communities like OWASP and SANS are analyzed.
  • Thanks to constant monitoring, we can detect vulnerabilities early, and we would formally notify the client of them.
  • We also have a dedicated channel for reporting any potential incidents, whether internally or by clients (via our support channel or at security@bizneo.com).
  • The entire Bizneo HR team must be aware of and adhere to our Information Security Policy. We organize awareness sessions annually and provide continuous security training.

  • Each employee signs a confidentiality agreement at the start of their employment relationship with Bizneo HR.

  • We also evaluate our providers to ensure they meet our standards, and they must sign an agreement to comply with them.

  • We limit and control access to our systems and data. We define who can access resources and to what extent, ensuring that only authorized personnel have the necessary access to perform their tasks.
  • The Information Security System implemented at Bizneo HR follows the Principle of Least Privilege, which grants system users the minimum levels (or permissions) of access required to perform their duties. This aims to restrict access to information and resources strictly to what is necessary to complete a specific task.
  • This principle of least privilege ensures that each entity (whether a process, a user, or a program) can only access what is essential for its legitimate purpose, avoiding unnecessary privileges.
  • By limiting privileges, we reduce exposure to cyberattacks and prevent the "accumulation of privileges."
  • We have automatic autoscaling through Kubernetes, allowing us to respond within seconds to high traffic demands by quickly increasing the number of servers. Autoscaling is implemented on both the application servers and those responsible for processing our clients' information.

  • With these and other measures, we achieve an availability rate of over 99.5%; in fact, it has been nearly 100% in recent months.

  • The applications offered by Bizneo S.L as SaaS are fully run and hosted on Amazon Web Services (AWS).

  • The AWS services used are certified under ISO 27001, PCI-DSS Compliance, SOC 1, and SOC 2/SSAE, among others. More information about AWS security.

  • Bizneo HR relies on information systems. For this reason, we take appropriate measures to protect them from accidental or deliberate damage that could affect the availability, integrity, confidentiality, authenticity, or traceability of the information processed and the services provided.

  • Appropriate procedures and policies have been developed for handling and processing information, implementing encryption and protection measures to ensure the information's security at all times, during its storage and transportation.

  • Our databases are equipped with confidentiality and integrity controls to keep data at rest secure. These mechanisms are implemented on our servers, specifically using AES-256 GCM encryption algorithms.

  • Similarly, for data in transit, all data is always encrypted via HTTPS (with the corresponding SSL protocols: TLS 1.2 and 1.3).

  • For key management, we use AWS's managed KMS service. When generating keys, we rely on a hardware security module (HSM), which includes a deterministic random bit generator (DRBG validated by FIPS) fed by a true random number generator (TRNG) in the HSM hardware module that meets SP800-90B requirements. This is a high-quality entropy source capable of producing 20 Mb/s of entropy per HSM.

Backup: Bizneo HR maintains a backup system to enhance the security of all configurations and client data while minimizing reaction time in the event of an issue. This backup system has the following main features:

  • Frequency and retention: We have configured automatic daily full backups. Additionally, a database backup is retained for at least 1 year.

  • Backup type: AWS Snapshots are daily dumps performed at night and stored in long-term storage with encryption at rest. Point In Time Recovery. We never store files in the database. Files are stored in S3, and AWS itself provides file backup and redundancy. All files are stored in S3 buckets with the appropriate backup and replication configurations. This means data is stored separately from files.

  • Recovery tests: Weekly, these backups are deployed in controlled environments to ensure their reliability.

  • Backup platform and protection: The full backup is managed within AWS, where it is encrypted (both at rest using AES-256 and in transit using HTTPS with TLS 1.2 and 1.3).


Recovery: The company has established a procedure to address business activity interruptions, protect critical processes from the effects of major system failures, and ensure their immediate restoration. To this end, a business continuity plan has been implemented to mitigate the impact on Bizneo HR's infrastructure, and consequently on the company, and to recover information assets (whether due to accidents, equipment failures, deliberate acts, etc.), ensuring departmental processes achieve an acceptable level of continuity through corrective and preventive recovery measures.

  • The company has conducted a comprehensive risk analysis and obtained results that define its risk management approach. This analysis helps understand the impact of asset unavailability by determining their criticality and the likelihood of threats exploiting technical or procedural vulnerabilities, while also identifying interdependencies among assets.

  • Based on these results, situations that could cause business continuity interruptions are considered, and various scenarios are outlined. A scale of effects is established, and response actions are defined, taking into account existing controls where applicable to resolve interruptions.

  • Among other features, our infrastructure can be deployed in any region of Europe. Our daily backup could be restored on another AWS instance within less than 1 day (in case of a disaster affecting our main instance: EU-WEST-1).

  • The development methodology used at Bizneo HR is S-SDLC (Secure Software Development Life Cycle), which focuses on integrating security requirements into all phases of software development—from definition to verification before deployment.

  • This ensures that preventive measures to safeguard the security of information and systems are considered from the early stages of development, reducing friction and the cost of their implementation.

  • The key aspects of this methodology are attention to detail, early identification of vulnerabilities (monitoring the latest publications from major security communities like OWASP), and continuous improvement throughout the development cycle.

  • Bizneo HR complies with international security standards, as evidenced by our ISO 27001 and ENS certifications.

  • Additionally, to verify and provide further evidence of compliance, we undergo an external pentest at least once a year. The results are thoroughly analyzed to take all necessary actions in an ever-evolving field like cybersecurity.

  • We are also open to our clients conducting their own set of pentesting evaluations on Bizneo HR if needed. In such cases, it is advisable to inform Bizneo HR in advance to avoid initial connections being blocked as they might otherwise be identified as an attack.

We are fully committed to developing, implementing, maintaining, and continuously improving our Security Policy and the Information Security Management System (ISMS), ensuring ongoing enhancement of our security practices.


Do you want to know more about our policies?

You can also learn more about our practices and policies regarding Quality, Privacy, Cookies, Security, or Legal by clicking below.

Privacy & Legal

Contact us!

If you want more information about our policies or have any other questions, feel free to contact us through our support channel or via the following emails:

  • gdpr@bizneo.com
  • security@bizneo.com

We will be happy to answer all your questions!
