Welcome to Part 3 of the "what you need to know about buying HR software" series. In my first two pieces, I spoke about HCM systems and the formats they come in: point solution or full suite. I also spoke about how a full suite is set up from a modular approach and how pricing models can work.

Now to move on to the fun stuff – cloud security. Well, I think it's fun anyhow.

It's all about the Cloud

I am going to focus here on cloud hosting and not on-premise hosting. On-premise is where you host a solution yourself. In this day and age, on-premise hosting is outdated, just as outdated as Blockbuster. Any new development from vendors is focused on cloud systems now, so if you want a wider variety of tools and solutions, it is cloud or nothing.

Now cloud has some great benefits. It basically means your business has no hosting requirements and that you can access the system completely online. It gives greater flexibility on when, where and how you can access your system, i.e. from tablets, computers or mobile phones. Cloud providers will typically use a third party to host their solution (most commonly AWS or Microsoft Azure).

The key question with any cloud solution that carries sensitive data, like an HR platform, is: how secure is it?

While a great deal of the security falls on the third party hosting the data, it is important that the vendor also has its own security measures in place to protect the product itself, which is not covered by the third party. For instance, the third-party host will have protection to ensure hackers can't get into the many systems it hosts; however, the vendor needs to ensure that the product itself can't be broken into with weak or stray passwords.

To cover security, there is a simple industry standard: ISO 27001. This standard is only achieved when the highest levels of cyber security are adhered to by a business over a set time. Typically, ISO 27001 certification is all IT will need to know about a vendor's security; however, you should dig deeper. Many vendors will claim to have ISO 27001 certification on their hosting, but a certificate covers a defined scope, and the hosting provider's scope does not extend to the vendor's product itself.

Anyone hosted on a large provider like AWS or Microsoft Azure can claim ISO 27001 certification for hosting. Ask, though: what about your product? Yes, great, your large multinational host carries this certification, but that doesn't make the product itself as secure as it should be.

Here are a few other things to ask:

  • Where is the data hosted? If you are looking to buy from a US-based company, is your data hosted in Australia or in the US?
  • If you have Europe-based employees, how does the company deal with GDPR compliance?
  • Where is your Disaster Recovery environment hosted?

Also ask yourself: what is the implication to the business in the event of a security breach? How will that affect the business? From there you will have a pretty clear understanding of how important security measures are.

If you really like a provider who is not ISO 27001 certified, IT will likely have a mountain of questions relating not only to hosting but also to internal processes. For some businesses, this may be enough, but that differs from one organisation to another.

Keep an eye out for part 4 of this series, where I reveal the different types of hosting platforms you can choose from.

