Security of Officient

Officient offers companies a solution for centralizing HR data, automating administration, and increasing transparency in various HR processes.

Due to the sensitivity of the data stored in Officient, such as personal information and salary data, security is one of our highest priorities.

Reliability

Officient manages all user data via Amazon Web Services (AWS). All data is automatically backed up and stored redundantly. Thanks to our server and network infrastructure, Officient remains accessible even when hardware problems occur. We guarantee an uptime of 99.9% to continuously provide our services. All information about the security measures taken by AWS can be found here.

Encryption

Encryption of the kind primarily used in the financial sector is set up for all Officient accounts. This encryption is applied to all external and internal connections and guarantees that sensitive information is never sent or received as plaintext. Thanks to these security measures, the data of Officient customers remains protected at all times.

Data Security & Privacy

Data privacy is essential for Officient. That is why all data is stored within the borders of the European Union. The data centers of AWS are distributed all over the world, but the data in Officient (including backups) is stored only in data centers in Ireland and Germany. AWS is fully compliant with the European General Data Protection Regulation (GDPR). Read more here about which data Officient stores.

Availability

Officient is available on any device, worldwide, with the exception of Internet Explorer 11 and earlier versions, which are not supported for security reasons. Microsoft Edge, however, is supported. Health checks and simple pings of the components are used to check whether the functions are operational. Officient has a dedicated page where the status of our system can be checked at any time.

Release process

The Officient development team has implemented a structured release process:

  • Integration and automatic end-to-end testing in CI ensures that updates do not break any use cases required by users.
  • Changes are communicated to the customer success team in a timely manner.
  • Test environments can freely be created upon request.
  • Changes are communicated to end users in-app.
  • There is no beta environment that contains newer features. Experimental features are released by feature flagging.

Data management

  • Specific features such as the calendar have their own version history by default.
  • Internal audit logs exist for each feature.

Security by design

  • The Officient development team checks for the OWASP Top 10 security risks by default.
  • A bug bounty program is actively used on the Officient platform, in collaboration with ethical hacking provider Intigriti. This program has already allowed the detection (and correction) of some minor security risks. The highest bounties are paid when a researcher can access the data of another account, but bugs of this type have never been found.
  • Sqreen advanced intrusion detection and RASP (runtime application self-protection) is active on the platform.
  • All access is role-based by default.
  • Two-factor authentication (2FA) is supported by default.
  • Strong brute-force protection on all authentication endpoints is provided by Auth0.
  • GDPR compliance by design: employees can view and modify their data. Employee data is also automatically deleted in accordance with the guidelines set by the applicable law of the corresponding country.

Responsible Disclosure Policy

At Officient, we consider the security of our systems a top priority. But no matter how much effort we put into system security, there can still be vulnerabilities present.

If you discover a security vulnerability, we would like to know about it so we can take steps to address it as quickly as possible. Please check out our Responsible Disclosure Policy for more information.

Identity and Access Management (IAM)

Officient uses Auth0 as its authentication service provider and offers the following Single Sign-On (SSO) capabilities:

For employees

  • Authentication is possible via Office 365, Azure AD, Gmail and other e-mail providers.
  • Additional security measures such as PIN codes and fingerprint authentication are set up after activating the Self Service.

For HR staff

  • Authentication is possible via Office 365, Azure AD and Gmail.
  • Multi-Factor Authentication can be enabled.
  • Authentication via Okta can be provided on request.

Integration possibilities

Officient has a simple, open and documented REST/JSON API. All information you need to connect to the API can be found here.
It is possible to use webhooks with Officient.
Zapier integrations are also available to exchange data with other tools quickly and easily.

Officient meets the following integration requirements:

  • The platform has a well-documented API, with a simple and clear data model.
  • The platform has an API that allows CRUD operations on almost all data entities.
  • The platform has an API that only allows communication via encrypted channels (SSL/TLS).
  • The platform has an API protected by security measures suited to machine-to-machine communication (e.g. API key, basic authentication, OAuth client credentials flow).
  • The platform has the means to notify external systems of changes to internal data entities (e.g. a training added) via standard protocols.
  • The platform can resend a notification if it could not reach the external system.