Our number one concern is the security of your data

Everything we do from designing a new feature to making a change to a system to replying to support ticket begins and ends with security in mind. We follow best practise from such organisations as OWASP, Cloud Security Alliance, UK Information Commissioners Office to name a few to ensure that we make your data as secure as it possibly can be.

Security summary

  • Natural HR are accredited and externally audited to ISO27001
    • Note: This is VERY different to simply hosting in an ISO 27001 accredited data centre!
  • Natural HR are PCI-DSS compliant which includes quarterly vulnerability scans by an external organisation
  • All communication with the Natural HR application is encrypted using 256 bit SSL encryption
  • Hosted in secure UK facilities with 24/7/365 6 layer physical security as well as redundant network backbones, firewalls, Intrusion Prevention Systems (IPS), Intrusion Detection Systems (IDS), dual power feeds, dual generators, dual UPS and dual air handling systems
  • All systems are protected by a dedicated 24/7/365 Network Operations Centre monitoring both hardware and software (as well as physical security, of course)
  • All servers are deployed in a highly available configuration with highly available SAN storage and individual servers all include RAID plus redundant power, cooling and network connections
  • Natural HR has been custom built from the ground up using industry accepted programming best practices and with security at the forefront of every design and development decision
  • All of your data is backed up every 12 hours to an off site secure storage location – this data is then retained for 30 days to allow us to recover to any point in time in the previous 30 days in the event of an unforeseen and unpreventable disaster

Everything in one place

No more spreadsheets, no more remembering multiple  logins



Security begins with YOU!

Probably not the first thing you were expecting to see but, none the less, it doesn’t matter how secure we make our systems if the weakest link is the user.

Below are some basic principles you should aim to follow:

  • Choose secure passwords, update them frequently and don’t use them on multiple sites, A good password:
    • Should NEVER be used elsewhere – in a recent attack, as many as 150 MILLION Adobe account details were stolen including email addresses and passwords – if you used the same email address and password here as on Adobe then our security would mean nothing. Someone could simply login “legitimately” by entering your username and password…
    • Should be at least 12 characters long – longer passwords make stronger passwords
    • Should not be based on dictionary words
    • Should not be based on something known about you such as a memorable date or pet name which can be easily guessed
    • Should not containing repetition – for example aaabbbccc
    • Should be made up of upper case letters, lower case numbers and, ideally, symbols
    • Should not be so hard that you won’t be able to remember it without writing it down
    • R-e4[Nph5ma1}(6V is a good password but you won’t remember it
    • Consider using a phrase instead and substituting letters for numbers or symbols – for example, I want to be at the beach could become iw2b@theBeach
    • If all else fails, consider adding some symbols and numbers to an easy to remember password – for example, instead of using snoopy you could use snoopy@12345
  • Keep your OS, web browser, security and other software (including things like Office or Acrobat Reader and so on) up to date
  • Be very vigilant when accessing websites that the URL (shown in the address bar at the top) matches what you expect to see – for example, does it show .net when it normally says .com, does it have a spelling mistake in it or maybe it has a dash you have not seen before? If you are not sure, leave the site immediately
  • If you receive a request on email or the phone for personal information (even if it is someone claiming to be from your IT department) make sure the request is authentic – call the person back or email them on a known address before disclosing any information
  • In your email client ensure you do not automatically download attachments
  • If you get an unexpected email or attachment even from someone you know be very careful – save them to your computer and check them before opening them.
  • Be careful how much personal information you put on social media sites about you and your family which could make “social engineering” easier – make sure you check and use the security and privacy settings on such sites
  • Make sure any network you connect is secure particularly wireless networks – change the default name, change the default password, use strong encryption, hide your network ID, disable auto connect and so on
  • If you are connecting via an untrusted network (such as a coffee shop, for example) make sure you are using a VPN to connect to your work systems
  • Immediately report any suspected security breaches to your security contact/ manager and/or the authorities.