Data Protection

Application security is a fundamental issue for our customers, and therefore it has to be for us as well.

One of OpenHR's areas of focus is the value of privacy as a priority and a substantial element for companies, individuals and governmental institutions.

For this reason, data security is a very important part of our work, and one we have taken on as an ethical responsibility. Defending our clients' programs, data and communications when they connect with OpenHR is one of the foundations of our work.

GDPR

● All data is encrypted both on the servers and in transmission.

● All accesses to the system are monitored and logged. All modifications to personal data are logged and stored in a system audit.

● Personal connection data is stored directly in OpenHR, using our own programs, and is perfectly secured by us. We do not depend on other companies, which sometimes store connections on servers whose location is unknown to us.

● Our dedicated servers are located in the regions where the law of each country requires them to be. The programs, databases and backups of these customers are all hosted there.

● We have several data centers, where we have servers dedicated only to OpenHR customers. We do not share servers with any other company, so our clients have their own database and software instances. This way we better ensure their privacy and security.

● The ability to restore availability and access to personal data in a timely manner in the event of a physical or technical incident is ensured by an adequate backup/recovery procedure, which is periodically tested, with in-house and automated means.

● All security measures are reviewed periodically by our staff.


Data Encryption

The basic characteristics of the data communication system, i.e., of how data is sent or transferred to the servers where it will be hosted, are as follows:
 

● The communication system is based on SSL secure protocols, with HTTP Strict Transport Security.

● Communication for transferring documents from the client to the system is based on VPN-SSL security standards.

● The entire website is certified, according to the most current standards, with SHA-256 fingerprinting.

Authentication

● To access OpenHR, the user enters their designator and password. They may authenticate directly with OpenHR, through our authentication program, or through an approved Single Sign-On (SSO) provider.

● Passwords are protected by OpenHR in our system, with no reliance on third-party software.

● In addition to the OpenHR authentication system, we can authenticate with Google, Azure, LinkedIn, etc. Authentication with third-party platforms is done through the third party's proprietary software, and we do not use software from other companies, to ensure proper GDPR compliance.

● If the user would like to authenticate through the aforementioned platforms, it is the user who consents to their use for all purposes.

● In addition to the above platforms, OpenHR can authenticate with the customer's own systems, through LDAP, Active Directory, or any other SSO that the client provides and authorizes.

● OpenHR supports mixed systems, where users who have their passwords in the company's internal systems can authenticate there, and others who are not in them can do so through external providers. OpenHR's own system can always be used in the event of downtime or restructuring of external systems.

● Passwords are protected by sophisticated hashing and salting techniques, including password reminder systems.

● Company managers can block user access or generate new passwords that will be sent to the user's email. The user can always request to re-generate their password and have it sent to their email at any time, either from the browser or from their mobile device.