Security and myhrtoolkit

Security and the protection of your data is paramount to myhrtoolkit, as an ISO 27001 certified and GDPR compliant company and software system.

Myhrtoolkit HR software has a number of security features built in which can be deployed as needed.

Password Strength

Passwords can be a common weakness in any user-driven system, and myhrtoolkit provides tools to help mitigate password driven security breaches. When a user changes password, they can see the ‘strength‘ of their password, and it is recommended that they aim for at least a ‘strong’ password. In Settings > Security Centre > Password strength and Password builder, the strength of user passwords can be checked and users prompted to change to stronger passwords as required.

Notes

• Further reading is available in the myhrtoolkit support article about password strength.
• Different methods of storing passwords (and their implications) can be found in this Guardian article concerning password security.

Password Challenge-Response

Myhrtoolkit provides an option for a challenge-response system for changing passwords. When using this, each user will be asked to supply answers in advance for a variety of different questions, e.g. ‘childhood nickname,’ ‘city or town where your parents met,’ etc. At least one answer should be given, but two or three is better.

When a request is made to change password, a question will be selected from those for which the user has given answers.

More information is available in the Enhanced Security support page.

Restricting Network Access

Your myhrtoolkit can be configured to only accept users operating from certain network locations. Navigate to Settings > Security Centre > Allowed IP addresses and enter the individual IP addresses.

Currently the input procedure does not allow IP ranges or network masks, only individual addresses.

Note – this is designed to be used with static IP addresses only, rather than dynamic.

Myhrtoolkit Security Statement

Please see the Security Statement.