Secure Architecture
Ensuring the security of your personal data is a top priority for us. Security at NovaWage is paramount. We employ both technical and organisational security measures to safeguard your information against manipulation, loss, or unauthorised access. Our goal is to protect your rights and ensure compliance with relevant data protection laws.
Application Architecture: Novawage HR’s multi-tiered architecture safeguards your HR data. Built with web applications in mind, it partitions functionality into distinct layers: presentation (browser), business logic (application server), and data (database). The presentation layer (browser) never interacts directly with the database; all communication flows through the business logic layer. This layered approach ensures stringent security for your data. Additionally, it verifies roles at every request, ensuring data security and preventing unauthorised access to sensitive information.
Data Encryption: Data security is our #1 concern. The software encrypts your data at rest and in motion by using the world’s most recommended encryption algorithm (AES).
User Authentication: Novawage keeps your data safe by making sure only the right people can see it. Users need a special username and password, or access through a trusted login service, to get in. For extra security, you can set up an additional step that confirms it is really you trying to log in: dual authentication, also known as multi-factor authentication or two-factor authentication (2FA).
ISO 27001:2013: Novawage's Information Security Management System (ISMS) is ISO 27001 certified, ensuring the protection of the company, our customers, employees, and third parties against information security threats. We comply with all applicable regulatory, legal, and contractual requirements, including GDPR and other data protection legislation.
Swissdec-certified payroll software: We're not just compliant; we hold Swissdec Vs certification, ensuring the utmost quality in HR data exchange between companies and social security institutions in Switzerland.
Secure Hosting - ISO 27001
Your data's security matters! With ISO 27001 certification, we ensure top-notch protection for your information and greater compliance with GDPR. Our data centre in Switzerland guarantees multi-location backups and physically secure facilities in Lausanne and Nyon. We do a daily backup of your data. At Novawage, we own and manage all our hardware infrastructure, including servers, hardware, database firewalls, and more, ensuring complete control and security over your data and a single point of contact.
Internal system security: We utilise full SSL encryption, multi-location data backups, and safe storage processes for private information. We also allow two-factor authentication for users.
Server Management Security: At Novawage, we maintain complete control over our servers, ensuring the utmost security for your data. Our servers, owned and managed by us, are located in our state-of-the-art data centre facilities in Switzerland. Our team has full access to these servers, enabling us to perform maintenance tasks, implement security updates, and perform backups autonomously. Rest assured, your data always remains under our supervision, ensuring the utmost protection without the involvement of any third-party entities.
Resilience: Before investing in a software-as-a-service (SaaS) solution, it is critical to ensure that the solution is resilient and reliable. Our HR solution ensures high availability because we implement multi-location data backups and maintain physically secure facilities in Switzerland.
Data protection regulations / GDPR compliance
We are compliant with the provisions of articles 28(1), 32(1), and 32(2) in the sense that we have implemented “appropriate technical and organisational measures in such a manner that processing will meet the requirements of the Regulation.” The measures put in place encompass various actions, which may include, but are not restricted to, the following:
All data is encrypted both when stored and when transmitted.
The personal data belonging to the controller (our client) is exclusively stored in cloud locations within our servers in Switzerland that provide robust physical and logical access protection. This includes stringent cybersecurity measures against viruses, malware, and denial-of-service attacks.
The controller (client) can adjust state-of-the-art authentication techniques as needed to ensure the confidentiality and continuous privacy of data, including password length, complexity, and two-factor authentication.
Resilience of the processing system is ensured by employing multiple data centres, creating mirror copies of databases, and hosting servers in two different locations in Switzerland.
An appropriate and strong backup / recovery policy ensures the timely restoration of availability and access to personal data in case of a physical or technical incident, with periodic testing.
An auditing mechanism traces all the accesses and transitions in the system for each user, guaranteeing you a history of all changes to the database.
The system logs all changes made to personal data, including but not limited to user and terminal ID, date, time, type of access attempt, and success or failure of the attempt.
Need to learn more? Check Novawage and the GDPR.