At a time when customer data is predominantly digital, organizations must find effective ways to protect the privacy and integrity of the information they handle.
Sprout Solutions is committed to developing great HR software for emerging markets, and a large portion of our work is dedicated to securing client data processes.
This includes compliance with the Data Privacy Act (DPA), RA 10173, which protects customers' private information by giving companies proper guidelines for handling user data.
For more information on the DPA, see our blog.
How are we protecting your data?
Some of the data we handle is sensitive, so protecting it is of utmost priority to us. We take extra measures to keep client information secure by constantly working with our Information Security team to establish data privacy across all fronts.
- We are currently undergoing ISO 27001:2013 compliance and certification
- Dynamic scanning of live applications: Third-party Vulnerability Assessment and Penetration Testing (VAPT)
- SSL encryption of data in transit
- AES-256 encryption of data at rest
- Unique database per client
Enhanced Security Testing
- Added security testing processes for all new features to keep data secure
- Added DPO sign-off on all new features before release
Sprout Support Team
- Investigations are not done within client instances; we walk our clients through solving issues themselves
- At many other software companies, when clients need help, a support agent accesses their live account to check the issue. At Sprout, for issues that need deeper investigation, an authorized support agent accesses a temporary simulation of the account in which all sensitive personal information is masked
Which Sprout features and services support your compliance with RA 10173?
As we strive to consistently integrate data privacy into our system, we want to keep our clients up to par with the same standards. The following features will assist you in your compliance:
- Dynamic access levels: Admins can control the kind of information users are allowed to access based on their roles and permissions.
- Import and export tools: Companies can access, import and export employee data.
  - Import: The new Employee Upload Template now has sensitive personal information masked for added security.
  - Export: The new Employee List Report has all the necessary fields to run any report on employee profiles. The searchable fields follow the user’s Access Level permissions.
- Training records: One of the HR requirements of the DPA is to provide ongoing training and awareness of data privacy. These trainings can be recorded in the Trainings section of the Employee Profile.
Advanced security-related features
- Additional login security: To further strengthen our login security, we’ve added CAPTCHA and account lockout to help prevent brute force attacks. CAPTCHA appears after three failed login attempts, and the account is locked after five (5) failed login attempts. The administrator can unlock an account by sending a reset password link to the user.
- Explicit consent form: A company’s HR team is now tasked with securing explicit consent from employees for collecting their information. This will soon be automated in Sprout HR. Other than the consent clauses currently outlined in our Terms of Service, each new employee added into Sprout will receive a consent form upon first login.
Deletion request process
- Sprout supports the deletion of employee profiles upon request by the client.
- Any deletion requests directly received by Sprout from clients’ employees will be referred to the client.
Data privacy and security are critical to us, and we constantly work to keep our services up to proper standards and free from breaches.
We regularly revise our privacy and terms pages to observe DPA requirements. You can access our pages on our website or at the links below.
We will be posting more updates on this page, so for more news on Sprout’s compliance with the DPA, you may check back here.