Security matters
Workleap Onboarding is part of the Workleap product family. Workleap has 15,000 clients, in 110 countries using our solutions such as Sharegate and Officevibe. Our software meets all the required security standards of the countries in which we operate. You can see a general overview of the different security concerns we address in the article below. Please feel free to visit Workleap Trust Center, or to contact us to discuss our security practices in more detail.
SOC 2 Type 1
Workleap Onboarding has received a SOC2 Type 1 report. This report validates that our security controls are designed and implemented to the highest standards, offering our clients the assurance that their data is handled with the utmost care and in accordance with industry best practices. The SOC2 Type 1 audit is a rigorous assessment conducted by independent auditors, focusing on security, availability, processing integrity, confidentiality, and privacy of customer data. Contact us for more details.
GDPR
Workleap Onboarding is ready to handle any requests related to GDPR. Workflows are in place to ensure a fast response time on any formal request and our support team has been trained accordingly.
At Workleap Onboarding, our legal and security teams are hard at work, ensuring that all existing and new processes are compliant with the law.
You can find our privacy policy here: https://workleap.com/trust-center/onboarding-privacy/
Security within the organization
We have dedicated teams working on application and operational security with the full support of our management.
Vulnerability management
To manage vulnerability, we have internal pentests and secure code reviews. Vulnerability handling is covered by our internal policies to ensure a quick analysis and mitigation of any issue.
Data protection
All your data within the application is encrypted at rest using AES 256 and in transit using TLS 1.2. Databases are encrypted at rest.
When sensitive or personal data needs to be stored or cached, it is done with an additional application-level encryption layer.
Access controls
Access to administrative operations and production infrastructure is only granted to a few select engineers through Azure's Privileged Identity Management service with time restrictions and approval processes enabled. They must connect with Multi-Factor Authentication (MFA).
We will contact you to obtain explicit consent in the event our engineers require administrative access that could reveal any of your organization's data to resolve any issues you face with Workleap Onboarding.
Employee policies
All our employees get a background check and they get mandatory security training. We monitor conformity with the Azure Security Center.