Security White Paper

AutoCount HRMS provides Software as a Service(SaaS). Security is a key component in our offerings, and is reflected in our people, process, and products. This page covers topics like data and operational security to explain how we offer security to our customers.

What you'll find

Inside This White Paper

Data Center

Data hosting and Security

AutoCount HRMS utilizes Microsoft Azure as its cloud service provider for hosting and storing the Cloud HR Software and Database. The data center, situated in Southeast Asia (Singapore), benefits from Microsoft Azure’s robust security measures. These measures include layered protection across the physical data center, infrastructure, and operational areas.

Access controls are enforced at various levels, from the facility’s perimeter to the data center floor, which meets a broad set of international and industry-specific compliance standards, such as ISO 27001, HIPAA, FedRAMP, SOC 1, SOC 2 and country-/region-specific standards, including Australia IRAP, UK G-Cloud, and Singapore MTCS.


Cyber Security

1. Security Measures

Hosted with Microsoft Azure (Singapore).
Azure public cloud services support the same technologies millions of developers and IT professionals already rely on and trust. When you build on, or migrate IT assets to, a public cloud service provider you are relying on that organization’s abilities to protect your applications and data with the services and the controls they provide to manage the security of your cloud-based assets.

Azure’s infrastructure is designed from facility to applications for hosting millions of customers simultaneously, and it provides a trustworthy foundation upon which businesses can meet their security requirements.

In addition, Azure provides you with a wide array of configurable security options and the ability to control them so that you can customize security to meet the unique requirements of your organization’s deployments. This document helps you understand how azure security capabilities can help you fulfill these requirements.

For further information, please visit Microsoft Azure Security Introduction in link below:
https://docs.microsoft.com/en-us/azure/security/fundamentals/overview

2. External third-party risk assessment and penetration testing

AutoCount HRMS most recent penetration test was conducted by LGMS Berhad in July 2023. Please note that the audit reports are confidential and cannot be disclosed.

3. What are the data-at-rest security measures implemented to protect customer data?

All data has undergone BitLocker encryption within Azure’s Data Centers. Our databases benefit from two types of backups: a daily full backup occurring once a day, and incremental backups by Azure every 15 minutes.

Additionally, uploaded files are securely stored in Azure blob storage, with six online backups distributed across six different racks and two distinct regions.

4. Other Security Measures

AutoCount HRMS is protected using HTTPS and SSL which encrypts data during transmission ensuring data transmitted to Azure is always secured.

AutoCount utilizes Microsoft’s Defender for Cloud which is a unified infrastructure security management system that strengthens the security posture of data centers and provides advanced threat protection.

Passwords remain the primary means for online authentication and must be protected when stored on a server. We use hashing to scramble your passwords, with a properly designed algorithm, there is no way to reverse the hashing process to reveal the original password. Even an attacker who may have access to hashed passwords cannot reverse the hashing process.

5. Email Notifications Security

Yes, utilizing DMARC which is an email authentication protocol that helps prevent email spoofing, phishing, and spam.

6. Password Policy

AutoCount utilizes a global password policy that all users will be required to adhere to. Accounts will also be locked and require a password reset after 5 failed login attempts.

  • Passwords must be at least 8 characters long.
  • Passwords must have at least one special character. [!,@,#,$,%,^, etc.]
  • Passwords must have at least one digit ('0'-'9').
  • Passwords must have at least one uppercase ('A'-'Z').

7. Access Control

AutoCount HRMS system will allow the “Subscriber User” (Main Admin) to assign and provide the access rights to their appointed “Payroll Users” (Admin). With a wide range of access controls, you can manage and control which users have access to different aspects of the system. Our Support Specialists will not have any access to a client’s confidential data unless provided or initiated assistance via our support channels. AutoCount will always adhere to the ISO 27001 standard to protect client’s data.


ISO / Regulatory Compliance

ISO and Regulatory Compliances

AutoCount has been awarded the ISO 27001:2022 certification. This internationally recognised standard ensures we meet the needs of our customers through an effective information security management system by protecting the confidentiality, integrity, and availability (CIA) of information assets from increasingly sophisticated attacks.


System Integration

1. Integration with external identity providers

AutoCount HRMS supports most available 2FA applications. However, we do recommend 2-factor authentication using Microsoft or Google Authenticator app.

2. API integration Support

Yes, Integration requires token keys which are generated by users and users can limit the access of each token as they need.


System SLA

1. Customer Support Response and Service Resolution Time

Customer support has an average response time of 10 minutes for online live chat and phone calls, during normal working hours.

Customers can leave a message online outside of working hours via live chat and email support and the support team will contact them on the next working day.

9:00am - 6:00pm (GMT +8) Monday to Friday excluding Malaysian public holidays.

2. Data Backup and Retention Policy

AutoCount HRMS has an automated backup process, consisting of a 15-minute incremental backup and a daily full back up.

We offer convenient data access, ensuring your information remains confidential. Your data will never be shared or sold without your consent. As long as your account is active, you’ll have full access to your information.

For expired subscriptions your data will be available for access up to 7 years after the expiration of the subscription. However, report file generation is limited to government reports only.

3. Service Availability

AutoCount HRMS is ISO27001 certified to ensure our 99.9% availability, we have implemented multi regional backups and mirroring, automated multi-instance servers, daily Azure security audits, and strict policies of access right to our servers from disruptions and unscheduled downtime.