Security in Officient

Officient offers companies a solution for centralising HR data, automating administrative tasks and increasing transparency throughout various HR processes.

Due to the sensitivity of the data stored in Officient, such as personal data and wage information, security is one of our highest priorities.

Reliability

Officient manages all user data via Amazon Web Services (AWS). All data is automatically backed up and stored redundantly. Thanks to our server and network infrastructure, Officient remains accessible even when hardware problems occur. We guarantee an uptime of 99.9% to keep our services continuously up and running. All information about security measures taken by AWS can be found here.

Encryption

Encryption is mainly used in the financial sector, but it is also enabled for all Officient accounts. It is applied to all external and internal connections and guarantees that sensitive information can never be sent or received as readable text. Thanks to this advanced security, the data of Officient customers remains protected at all times.

Data Security & Privacy

Data privacy is essential for Officient. That is why all data is stored within the borders of the European Union. The data centres of AWS are distributed all over the world, but the data in Officient (including backups) is stored only in data centres in Ireland and Germany. AWS is fully compliant with the European Data Security Regulations (GDPR). Read more here about which data Officient stores.

Availability

Officient is available on any device, worldwide. For security reasons, Internet Explorer 11 and earlier versions are not supported. Edge, however, is supported. Health checks and simple pings of the components are used to check whether the functions are operational. Officient has a dedicated page where the status of our system can always be checked.

Release process

The Officient development team has implemented a structured release process:

  • Integration and automated end-to-end testing in CI ensures that updates do not break any use cases required by users.
  • Changes are communicated to the customer success team in a timely manner.
  • Test environments can freely be created upon request.
  • Changes are communicated to end users in-app.
  • There is no beta environment that contains newer features. Experimental features are released by feature flagging.

Data management

  • Specific features such as the calendar have their own version history by default.
  • Internal audit logs exist for each feature.

Security by design

  • The Officient development team regularly checks for the OWASP Top 10 security risks as standard practice.
  • A bug bounty program is actively used on the Officient platform, in cooperation with the ethical hacking provider Intigriti. This collaboration has already ensured the detection (and correction) of some minor security risks. The highest bounties are awarded when one can access the data of another account, but these types of bugs have never been detected.
  • Sqreen advanced intrusion detection and RASP are active on the platform.
  • All access is based on roles by default.
  • Authentication with 2FA is supported by default.
  • Strong brute force protection on all endpoints for authentication is provided by Auth0.
  • GDPR compliance by design: employees can view and modify their data. Employee data is also automatically deleted in accordance with the guidelines determined by the law of the applicable country.

Identity and Access Management (IAM)

Officient uses Auth0 as a service provider for authentication, and offers the following single sign-on (SSO) capabilities:

For employees

  • Authentication is possible via Office365, Azure AD, Gmail and other e-mail providers.
  • Additional security measures such as PIN codes and fingerprint authentication are set up after activating the Self Service.

For HR staff

  • Authentication is possible via Office365, Azure AD and Gmail.
  • Multi-Factor Authentication can be enabled.
  • Authentication by Okta can be provided on request.

Integration possibilities

Officient has a simple, open and documented REST/JSON API. All information you need to connect to the API can be found here.
It is possible to use webhooks with Officient.
Zapier integrations are also available to easily and quickly exchange data with other tools.

Officient meets the following integration requirements:

  • The platform has a well-documented API, with a simple and clear data model.
  • The platform has an API that allows CRUD operations on almost all data entities.
  • The platform has an API that only allows communication via encrypted communication channels (SSL/TLS).
  • The platform has an API protected by security measures optimized for machine-to-machine communication (e.g. API key, basic authentication, OAuth client credentials flow...).
  • The platform has the means to notify external systems of changes that occur on internal data entities (e.g. training added) via standard protocols.
  • The platform has the possibility to resend communication in case it could not reach the external system.