Our Top Priority is to Protect Your Data

All our solutions come with an integrated security approach encompassing a range of technical safeguards and complying with well-known data security standards to protect the integrity of your data.







User Access Control
Limit access to specific data with complex password rules, two factor authentication.
Sequential records of system history and computer events.
Includes 24×7 live guards, CCTV, UPS Generators, multiple provider fiber connections and multi factor access control with biometric.
Data Encryption
Secure data transmission with SSL/TLS encryption.
Disaster Recovery
Disaster recovery plan in the event of any business disruptions
1- hour Recovery Point Objective
4-hours Recovery Time Objective
Multiple pathways to minimize the downtime and keep the services running in the event of any failures.


The Workplaze application itself is functionally secured by configuring user group access to functions and data
independently and with granular access control.

Function Access Control

Configuration user access to allow read/update/add/delete access to functions and the ability to create more granular control levels.

Data Access Control

Limited access to certain types of data such as allowing a manager to see salary data of only direct employees, but to view schedules of employees in all departments. Such rules can be related to people, positions, relations or custom definitions.

Users are authenticated when an encrypted cookie is issued to their device. This cookie contains an encrypted token tied to their specific device.

  • Unable to open from two devices,
  • Expires after configurable period,
  • System verifies users’ validity during each transaction.

The application design passes all users access through a single authentication path while segmenting interface file transfers to a separate quarantine before processing.

– User / Password –
Standard Application Security

– Pin Token –
Pin Number Authorization

Multifactor Authentication –
Google Authentication, Email, Mobile Apps

– SSO –
SAML 2.0, OAUTH 2.0, ADFS, Azure AD

Function / Feature Access Right

Data Authentication Right

Action Access Right

Workflow Approval Right

Password Hash Funtion
SHA256 With Obfuscator Key (Unique)

File Encription
PGP Encryption

Database Encryption

Secure Channel

Access to the application is controllable by NIST SP 180-118 password rules, expiries, and device limitations and more. Passwords are stored in a single location and encrypted by one way hash meaning that no one is ever able to retrieve a password. A variety of configurable rules are implemented to ensure passwords are secure including:

  • Password complexity requirements,
  • Password reset frequency with no password reuse,
  • Blocking user and IP after repeated failed attempts.

SunFish Workplaze creates audit trails and event logs for all transactions as a component of the application architecture that cannot be disabled. Log access and usage including data types, time changed, user, data affected, old & new data.


Data encryption secures data against interception and unauthorized viewing. SunFish Workplaze provides multiple levels of data encryption:

  • SSL 256 bit data encryption for data transferred over the Internet;
  • Database field encryption for confidential data in the database;
  • Encryption of data back-ups;
  • Optional required VPN connection to servers.

Data At Rest

-File Encryption-
File store in secure file server

-Database Encryption-
Confidential data like payroll is
encryption with AES256 and Unique

Database Backup File is Encrypted with RSA Key

Data In Transit

-File Encryption-
PGP encryption (RSA2048)

-Data Transimission-
Web traffic transmission over Secure Sockets Layer (SSL) Using only strong security protocols Transport Layer Security (TLS)

Data In Use

-Application Authentication-
User / Password Biometric
Multifactor Single Sign On
Pin Token

-Application Authorization-
Role Based access right control all of funtion, data, and action

Internal & External Monitoring and Penetration Prevention

Monitoring of security groups, internal vulnerability assessment and third party white/black box penetration tests as well as third party security policy reviews.

DataOn also deploys an Intrusion Prevention System (IPS) and Intrusion Detection System (IDS) that are configured to detect and prevent all security threats including and going beyond the top 10 OWASP vulnerabilities. All security threat events that are recorded by the two systems are monitored on a daily basis. The IPS and IDS rules and configurations are reviewed and updated regularly to ensure that the system protection is always up-to-date.

System hardening is undertaken on an ongoing basis and procedures are periodically reviewed. This includes monitoring of instances of intrusive attacks and making periodic adjustments to port rules, firewall configurations, and applying patches as released.

Secure Infrastructure

High Availability and Secure Infrastructure

Access to data is restricted at multiple levels through firewalls and IPS. Reaching the physical data store requires layers of subnets, which are physically segmented and have individualized security configurations. Considerable effort is taken to remove any single point of failure and to absorb multiple points of failure in more failure prone components.

All DataOn Humanica data centers are tier 3 facilities with 24/7 physical monitoring and access restricted to a small number of staff. DataOn Humanica maintains fully redundant reserved capacity for Disaster Recovery at other DataOn Humanica data centers with warm failover systems.


Development and hosting infrastructure teams undergo procedural audits for our ISO 9001:2015 certification every 6 months by Lloyd’s Register Quality Assurance. We also comply with the ISO 27001:2013 Information Security Management System which is audited annually by the British Standard Institution certification body.

You May also Like to Explore

Security Overview (PDF)



We have your back. Talk to us today.

Scroll to Top