Security At Employee Navigator

Management Philosophy

Employee Navigator strives to be the only benefits and HR platform combining the highest level of security and compliance for protecting sensitive regulated data. Employee Navigator is audited annually for SOC2 Type II, HITRUST, NIST, GDPR, and 23 NYCRR 500 because security is our utmost priority. Employee Navigator's Chief Executive Officer (CEO) and Chief Technology Officer (CTO) provide oversight of the direction and objectives for Employee Navigator in accordance with security and availability principles.

The control environment for Employee Navigator reflects the philosophy of senior management with respect to the importance of providing the most secure and resilient HRIS platform for customers. The commitment to security and availability is demonstrated by Employee Navigator's security policies, which establish the operating and control framework for Employee Navigator. The development of these policies has taken into consideration industry standards and best practices for security and availability and has been reviewed and approved by the Executive Team. They are enforced by the CTO and Information Security Management. These policies have been published and communicated to all members of the Employee Navigator Team and is supported through the investment in resources, people, and technologies required for implementation and enforcement.

Meet our Security Chief

Find out what goes on behind the scenes with our Director of Security,
Audrey Dawson

READ MORE

Compliance Certifications and Regulations

SOC2 Type II

In an effort to provide our customers with a high level of comfort regarding the security of the data we are entrusted with, Employee Navigator holds an annual SOC2 Type II ...

HITRUST

In connection with efforts to adhere to and maintain a controls environment appropriate for Employee Navigator services to entities that may have specific regulatory ...

23 NYCRR 500

New York State has a leading position among states in terms of regulating cyber security and resilience setting a new standard for compliance and secure infrastructure ...

GDPR Certification

GDPR improves the protection of European data subjects' rights and specifies what companies must do to safeguard these rights. Employee Navigator is audited for GDPR compliance ...

Need More Peace of Mind?

How We Protect our Customers

Personnel Security

Employee Navigator follows a strict, formalized hiring practice verifying all potential new employees are qualified for the responsibilities of their job function. Employee Navigator conducts background checks, via a third-party vendor, on all new employees.

Information Security Managment

Employee Navigator has a Director of IT Security dedicated to protecting and monitoring the security posture of Employee Navigator. The Director of IT Security works in concert with the CEO and CTO to ensure controls are in place and operating effectively.

Access Management

Access to any and all Employee Navigator resources is tightly controlled and users are only granted access based on minimum level of access required to perform their role. All Vendors, Partners, Brokers, and Employee Navigator employees are required to utilize two-factor authentication when accessing the systems. Physical access to the data center and Employee Navigator infrastructure is expressly prohibited.

System Backup and Recovery

Storage management hardware and software are utilized to schedule and perform disk to disk on-site backups for Employee Navigator, data replication between datacenters daily, and a high availability (HA) client database cluster for continuous uptime.