Security Policy

Overview:

This page highlights the comprehensive security practices adopted by Timelabs to protect customer data and applications. Our security framework is built to prevent unauthorized access, safeguard against data breaches and cyber threats, and maintain compliance with global industry standards. It also outlines the shared responsibilities of customers to ensure the continued security and integrity of their accounts.

Contents:

  • Cloud Infrastructure & Network Security
  • Data Protection
  • Application Security
  • Backup & Recovery
  • Customer Responsibilities

Cloud Server Infrastructure & Network Security:

  • Tier 4 Datacenter – Our partner data centers are Tier 4-certified, offering the highest level of reliability and fault tolerance. With 99.95% uptime, they are designed for critical operations, such as those of banks, government agencies, and healthcare institutions.
  • Network Firewall to Prevent Unauthorized Access and Traffic – A firewall is a keystone of network security. It acts as a barrier between our trusted internal network and untrusted external networks. Through applied rule sets, it accurately manages incoming and outgoing traffic, offering protection against unauthorized access and potential malicious attacks. Rest assured, all our cloud servers are shielded by this firewall.
  • DDoS Prevention – Distributed Denial-of-Service (DDoS) attacks can disrupt online services by flooding them with traffic from various sources. Our platform is equipped with robust DDoS protection mechanisms that swiftly detect and mitigate these attacks, ensuring uninterrupted service availability.
  • Anti-Malware and Ransomware Protection – Our servers are protected with an anti-malware and ransomware protection tool. The anti-malware tool detects, prevents and removes malware from the server. Ransomware is malware that encrypts files and locks users out of the system. Our ransomware protection prevents such attacks on the server.
  • Isolated VPS – Our servers are hosted in an isolated environment, providing an additional layer of security. This isolation ensures that our infrastructure remains separate from others, minimizing the risk of unauthorized access or interference. Windows Firewall is configured to block any unauthorized traffic and access.

Data Security:

  • Isolated configuration – Each customer’s data is stored in a separate environment with unique service configurations and ports, ensuring that each customer's data is kept in isolation and preventing unauthorized cross-access. Data access is strictly limited to authorized logins with multi-factor authentication. Timelabs does not share or use customer data for any purpose other than the intended usage.
  • Data Encryption In Transit – All data transmitted between systems, devices, or networks is encrypted using SSL/TLS (TLS 1.2 & TLS 1.3). Our application is accessed over HTTPS, ensuring that sensitive information remains protected while in transit.
  • Data Encryption at Rest – We implement Transparent Data Encryption (TDE) to safeguard data at rest in our SQL database. The database is encrypted using the AES-256 algorithm.
  • Data Removal Policy – Customer data is retained only for the duration of the active subscription. Upon service termination, data remains in storage for 60 days before being permanently deleted from both primary servers and backup repositories.
  • Data Masking – Employees' personal and sensitive data, such as Date of Birth (DOB), Aadhaar, PAN, and Bank Account details, are masked within the application. Users with view data permission cannot see this sensitive and personal information because of the data masking feature, which provides an additional layer of security.

Application Security:

  • SSO – Our platform supports SSO (Single Sign-On), allowing users to authenticate once and access multiple modules seamlessly. Additionally, we support third-party single sign-on processes such as Microsoft Active Directory (LDAP) and SAML-based authentication (e.g., Okta), simplifying authentication while improving security. Users gain access to multiple modules without having to remember and manage multiple credentials.
  • Strong Password Policy – We have a strong password policy for users who have access to the application. A strong password protects accounts from unauthorized access, brute-force attacks and password-related security breaches. Our password policy contains settings such as minimum password length, complexity requirement, password age and expiry, password encryption, etc. We enforce a strict password policy for Admin/HR and Employees. This policy sets strict rules and requirements for password creation and maintenance. By doing so, we prevent weak passwords and make it significantly more challenging for unauthorized users to gain access.
  • Application & Module wise User access – Application-based user access and module-wise permissions are key security measures in our application. They control who can access which module and what actions they can perform within different modules. With RBAC (Role-Based Access Control), users gain access based on their role defined in the system. Once a user has access to an application, module-wise permissions define what actions they can perform within different sections. View, Edi
  • Application Audit Logs – We keep detailed records of user activities and system events within our application for specific sections. We ensure all important and major audit logs are recorded based on user activities. These logs help organizations track and monitor user activities, detect changes in records and maintain compliance with security policies.
  • Vulnerability Testing – We ensure that our application has no critical or high vulnerability issues. Customers are free to perform VAPT on Timelabs to their own standards at their end and share the VAPT report with us. Our team reviews the findings to implement necessary security patches. We address and verify security weaknesses and release updates/patches as necessary corrective actions before any vulnerability can be exploited by attackers.

Backup and Recovery:

  • Backup Policy – Regular automated backups of data are essential for disaster recovery and for ensuring data availability in unforeseen circumstances, such as hardware failures, data corruption, or cyber-attacks. We take measures to store backups in both local and cloud storage, better known as offsite backups, which are a must for disaster recovery. Backups are stored on secure cloud storage services and encrypted with TLS 1.2. Daily database backups and weekly file backups are configured on the server, ensuring that we are ready for disaster recovery in any situation. The database backup contains the last 3 days of backup sets, and the file backup contains the last 2 weekly backup sets. Automated alerts for backup services enable us to monitor daily activities on a real-time basis.
  • Disaster Recovery – With a strong Disaster Recovery Plan, data can be recovered and restored quickly, minimizing losses during an unexpected event such as a cyberattack, hardware failure or human error. We ensure business continuity by minimizing downtime and data loss.

Customer Responsibilities:

We implement appropriate security measures and comply with customer data protection standards. Once the implementation is completed and the account is handed over to the customer, it becomes the customer's responsibility to monitor application access and operation logs. Below are some key steps to enhance application security and prevent data breaches:

  • Change Password – Customers must change the default login password for the master account after the account handover. Strong passwords should be used, and credentials should not be shared. If credentials are shared for any reason, the password should be changed immediately after the task is completed.
  • User Access Management – The customer is responsible for ensuring that users are granted access according to their roles within the system. Permissions, especially those allowing data deletion or modification, must be periodically reviewed and reverified. If any user deletes or modifies any data within the application with their logins, Timelabs shall not be responsible for such changes and intentional incidents.
  • Keep the Portal Updated – Upon receiving a critical update notification, customers should promptly connect with the support team and provide a suitable timeframe for the software update installation. It is always advisable to keep the portal updated to the latest version, as each periodic update removes bugs and adds new features. This is only possible while the support subscription is ACTIVE.
  • Use the Latest Mobile App – Customers must ensure that employees use the latest version of the mobile app. Any issues arising due to an outdated app version will require an app update.
  • Use Updated Browser & OS – Always use the latest version of a compatible browser and ensure your operating system is up to date for accessing the Timelabs application securely.
  • Monitor User Sessions and Logs periodically – Regularly track user sessions and activity logs to detect any unauthorized access or changes in the application. Any suspicious activity should be reported to Timelabs immediately to prevent security incidents.