Cybersecurity issues are a reality for virtually all businesses. That’s why PrismHR maintains a multifaceted security approach to safeguard the data of HR service providers and the businesses they support.
PrismHR’s security approach has maintained SOC 2 compliance since 2018, and we continue to strengthen our security protections and business continuity processes.
Information Security Compliant
PrismHR maintains System and Organization Controls Type 2 (“SOC 2”) compliance. This means PrismHR has demonstrated to an independent auditor that the PrismHR platform is designed to keep our customers’ data secure.
PrismHR Application Security
PrismHR employs multiple features to prevent unauthorized access to the system and your data, including multi-factor authentication, strict password rules, IP address control, and role-based security.
Data Monitoring & Encryption
Our platform is actively monitored 24/7/365 to protect against data breaches and cyberattacks. Access to your HR technology requires a secure connection. And PrismHR’s data is encrypted before being sent to or stored in the cloud to prevent it from being captured while in transit or at rest.
Data Center Security
PrismHR is hosted in a private cloud at a leading enterprise cloud provider. Our cloud provider adheres to the latest security, control and performance standards including ISO 27002 and 27001, PCI-DSS, SSAE16, SOC 1, 2, and 3 compliance, and Privacy Shield and Content Protection and Security Standard requirements. The provider is subject to regular third-party audits, making PrismHR’s security stronger every day.
PrismHR maintains and regularly tests business continuity, incident response, and disaster recovery plans. This process is designed to detect, resolve, and guide recovery from a security breach, and identify opportunities for improvement.
Continuous Improvements to PrismHR’s Security
PrismHR is committed to continuous security improvements and implementing learnings that increase our security posture beyond our existing high standard. That includes adding new state-of-the-art security tools and procedures.