Data Security Overview

People Element utilizes a web-based application to host surveys and reporting tools. We are a Software as a Service (SaaS) provider. No software installation is required to conduct surveys, receive reports, or access the People Element Platform. The platform application is hosted in Amazon Web Services (AWS) E2 services infrastructure. AWS delivers a scalable cloud computing platform with high availability and dependability. We have a three-tier architecture and disaster recovery (DR) capability managed across regions in the United States. Our application allows for continued operation if a service interruption occurs. Database backups are taken daily, and DR recovery time is 8 hours. Data stored in backups is encrypted using 256-bit AES encryption.
Data Privacy and Information Security – Our privacy statement can be found online at People Element Privacy Statement.
We are hosted on Amazon Web Services (AWS) and compliant with CSA, ISO, HIPAA, SOC and GDPR. To ensure GDPR compliance for international data transfers, we follow the Standard Contractual Clauses in our Data Processing Agreements.
People Element does not collect sensitive personal information such as social security, protected health information (PHI), or PCI data.
Authentication – Access is based on configurable roles using strong email and password authentication. Single sign-on (SSO) functionality is supported via SAML integration. Passwords are encrypted.
Information Security – We use a secure connection. All transactions are conducted over an encrypted HTTPS (SSL) channel. Data at rest is encrypted using RSA encryption methodology. Data in transit is encrypted using SFTP with minimum 128-bit AES keys. The solution environment is protected behind a firewall, routinely monitored by intrusion detection software, and scanned for vulnerabilities by security software. Our production environment is fully segregated from corporate, development, and test environments. No third parties are involved or have access to client data.
System Monitoring – We use a combination of custom monitoring scripts, AWS-based monitoring scripts, network sniffers to monitor performance, and intrusion and vulnerability detection software.
Secure File Transfer – We recommend that client data files be transferred to People Element utilizing a secure file transfer process (SFTP). You can save time and effort by configuring your HRIS to automatically extract and send your employee data to People Element via SFTP. The SFTP server is an Azure VM that receives unencrypted data from the remote systems using either SFTP with minimum 128-bit AES keys, or FTPS protected by SSL/TLS connections with RSA keys. Automated IP blocking prevents abuse of the connection. Data at rest is encrypted using server-side encryption (SSE) with platform-managed keys (PMK) to protect your data and to help you meet your organizational security and compliance commitments. Data in Azure managed disks is encrypted transparently using 256-bit AES encryption. Detailed technical documentation.