Security Policy

Enterprise-grade security to help protect your team and your data.

Our Commitment

You trust Workforce Edge to help your team manage tuition assistance, stay in sync, feel connected, and get more done. Our most important job is to keep your data safe along the way.

Workforce Edge undergoes yearly penetration tests, is designed to be SOC 2 Type II compliant, and uses industry best practices for encryption at rest and in transit.

SOC 2 Type II
Workforce Edge uses Vanta to perform continuous compliance monitoring, and is audited against SOC 2 Type II for security, confidentiality, and availability in the AICPA 2017 Trust Services Criteria.

A copy of the latest report is available for enterprise customers under a Mutual NDA. Please contact us to learn more.


Security Practices
Our ongoing commitment to deliver you peace of mind

Confidentiality
Workforce Edge is committed to ensuring that Customer Data is not seen by anyone who should not have access to it. We have audited controls and policies that govern our employees’ access to production systems.

Environment
Workforce Edge uses Heroku to host our services. Heroku's physical infrastructure is hosted and managed within Amazon's secure data centers and uses Amazon Web Services (AWS) technology. Amazon continually manages risk and undergoes recurring assessments to ensure compliance with industry standards. Amazon's data center operations have been accredited under:
ISO 27001
SOC 1 and SOC 2/SSAE 16/ISAE 3402 (Previously SAS 70 Type II)
PCI Level 1
FISMA Moderate
Sarbanes-Oxley (SOX)

Encryption
All Customer Data is encrypted both at rest and in transit, and Workforce Edge utilizes AES256. All encryption shall be performed in accordance with industry standards, including NIST SP 800-57. Services are reachable exclusively via HTTPS with TLS 1.2 or higher. We are careful to make sure no resources are loaded from plain HTTP sites. HSTS is configured for one year. ALB certificates are issued by AWS; backend certificates are issued by COMODO.

Network Protection
Production servers and databases are hosted in a dedicated VPC and are not publicly accessible. All servers are configured with two-factor authentication and all unnecessary ports are blocked by Heroku Security Groups. Workforce Edge performs monthly vulnerability scans.

Backups
Workforce Edge’s databases operate in multiple availability zones and have several layers of backup and replication. Primary databases have automatic backups with point-in-time recovery, and additional snapshots are taken every two hours and stored in a second region.

Incident Response
Workforce Edge will promptly and properly notify customers, partners, users, affected parties, and regulatory agencies of relevant incidents or breaches in accordance with our policies, contractual commitments, and regulatory requirements. Our Incident Response Plan is reviewed and tested at least annually.