We run all our infrastructure on Amazon Web Services (AWS) –one of the world’s largest and most secure cloud services platforms.  As recently as July 2016 AWS was ranked as the world’s leading supplier of cloud storage services in a Gartner report (https://aws.amazon.com/resources/gartner-2016-mq-learn-more/).

AWS has been built to meet the requirements of the most security-sensitive organisations, and is fully ISO 27001 compliant (https://aws.amazon.com/compliance/iso-27001-faqs/).

Data Protection Uk

As registered data controllers (https://ico.org.uk/ESDWebPages/Entry/ZA211852) we take data protection very seriously.  Your data is stored in UK-only data-centres and is encrypted both at rest and in transit using 256 bit SSL encryption.

We regularly assess our compliance with the Data Protection Act,


  • only holding information that is supplied by you, the customer
  • not sharing data with any third parties
  • securely deleting data that is no longer needed

We take backups of your data throughout the day and store these, for 30 days, in an encrypted format in our data centre.  These, together with the database change logs, allow us to implement point-in-time recovery should disaster ever strike.

We have built-in load-balancing and auto-scaling in our system architecture to ensure beHR remains available even if a server were to fail.

Application-level security allows beHR administrators to set fine-grained user and role-based permissions exactly as they need.  Additional security features available to our customers include:

  • Password strength reports to help administrators enforce good practice across their users
  • Two factor authentication including the use of one-time SMS access codes
  • Account locking rules
  • Comprehensive audit reports for all data changes

Our engineering team has many years of experience within the software development industry.  We are committed to shipping secure and robust software and follow industry-recognised best-practice including:

  • Full awareness of the OWASP top 10 security flaws and clear internal procedures on how best to avoid their introduction
  • Static code analysis tools run against every software build
  • Automated testing at all layers of the software to ensure high quality

This due diligence has resulted in beHR being awarded the Cyber Essentials accreditation, an independently verified self assessment run by HM Government. Further detail can be found here.