Enterprise-grade security to help protect your team and your data.
You trust Workforce Edge to help your team manage
tuition assistance, stay in sync, feel connected, and get more done.
Our most important job is to keep your data safe along the way.
Workforce Edge undergoes yearly penetration tests, is designed
to be SOC 2 Type II compliant, and uses industry best practices for
encryption at rest and in transit.
SOC 2 Type II
Workforce Edge uses Vanta to perform continuous compliance
monitoring, and is audited against SOC 2 Type II for security,
confidentiality, and availability in the AICPA 2017 Trust Services
Criteria.
A copy of the latest report is available for
enterprise customers under a Mutual NDA. Please contact us to learn
more.
Security Practices
Our ongoing commitment to deliver you peace of mind
Confidentiality
Workforce Edge is committed to ensuring that Customer Data is
not seen by anyone who should not have access to it. We have audited
controls and policies that govern our employees’ access to production
systems.
Environment
Workforce Edge uses Heroku for the hosting of our services.
Heroku Data Center’s physical infrastructure is hosted and managed
within Amazon’s secure data centers and utilizes Amazon Web Services
(AWS) technology. Amazon continually manages risk and undergoes
recurring assessments to ensure compliance with industry standards.
Amazon’s data center operations have been accredited under:
ISO 27001
SOC 1 and SOC 2/SSAE 16/ISAE 3402 (Previously SAS 70 Type II)
PCI Level 1
FISMA Moderate
Sarbanes-Oxley (SOX)
Encryption
All Customer Data is encrypted both at rest and in transit, and
Workforce Edge utilizes AES-256. All encryption shall be performed in
accordance with industry standards, including NIST SP 800-57. Services
are reachable exclusively via HTTPS with TLS 1.2 or higher. We are
careful to make sure no resources are loaded from plain HTTP sites. We
have HSTS configured to one year. ALB certs are issued by AWS, backend
certs are issued by COMODO.
Network Protection
Production servers and databases are hosted in a dedicated VPC
and are not publicly accessible. All servers are configured with
two-factor authentication and all unnecessary ports are blocked by
Heroku Security Groups. Workforce Edge performs monthly vulnerability
scans.
Backups
Workforce Edge’s databases operate in multiple availability
zones and have several layers of backup and replication. Primary
databases have automatic backups, with point in time recovery, and
additional snapshots taken every two hours and stored in a second
region.
Incident Response
Workforce Edge will promptly and properly notify customers,
partners, users, affected parties, and regulatory agencies of relevant
incidents or breaches in accordance with our policies, contractual
commitments, and regulatory requirements. Our Incident Response Plan
is reviewed and tested at least annually.