Security and data protection

Trust proof for HR data, payroll inputs, employee documents, and audit-sensitive workflows.

EyeLogs HRM treats production HR data as tenant-scoped business data. Buyers should verify MFA, role access, storage, backups, audit retention, restore proof, and support owners before go-live.

Controls

What must be configured for production use.

RequiredTenant isolation and RBACEvery user, employee, document, payroll run, and audit row is scoped to the tenant and role permissions.

RequiredMFA and access lifecycleAdmin MFA, invite flow, reset flow, recovery codes, inactive user handling, and audit events for sensitive changes.

RequiredBackup and restore proofScheduled backup job, restore drill, checksum/manifest, named owner, and visible proof before handoff.

ImplementationDocument vault policyUpload size/type limits, retention, restricted document access, expiry review, and export ownership.

ImplementationAudit and monitoringLogin, import, payroll, document, role, support, backup, and UX events are available for review/export.

BoundaryNo unsupported certificationsNo SOC 2, ISO, HIPAA, statutory filing, or payroll processor claim unless separately contracted and evidenced.

Buyer proof

Ask for the security datasheet during procurement.

The datasheet gives the exact checklist for tenant isolation, MFA, backups, audit, documents, incident contact, and data handling.

Open datasheet

Procurement packet

What EyeLogs must provide before production approval.

Security questionnaireDeployment architecture, encryption approach, tenant isolation, RBAC matrix, admin MFA, password reset, access review, and audit export sample.
Data protection termsDPA or data handling agreement, data categories, retention, deletion request process, support access boundary, and customer export ownership.
Continuity proofBackup schedule, restore drill result, RTO/RPO target, incident owner, and recovery communication path.
Vendor risk boundaryNo SOC 2/ISO/HIPAA claim unless separately certified; unsupported certifications must not appear in proposals.