Checkapp Security

Checkapp users trust us with their HR data. This is not something that we take lightly. We combine enterprise-class security features with comprehensive audits of our applications, systems, and networks to ensure customer and business data is always protected. And our users rest easy knowing their information is safe, their interactions are secured, and their businesses are protected.

Overview

The security of Checkapp cloud services encompasses multiple layers and many components, from policies and methodologies to service architecture, the capability to detect potential fraud and service abuse, and user-controlled service administration. Security capabilities and settings reside in the application and infrastructure layers, within the service delivery and operations processes, and in the company’s security policies and governance practices.

The security of customers’ HR services is shared between customers, who manage their HR policies, user permissions, and login information, and Checkapp, which manages service delivery, architects and designs security into the product, and ensures physical and environmental security of the service. We employ a multi-layered security model, with security at the perimeter, at the service delivery layer, SSL on our web applications, tier 1 data centers, and settings in the interface that a customer controls.

In addition, Checkapp has security and fraud-prevention specialists with a security program that is based on industry best practices; our security program also includes communications fraud monitoring where we monitor customers’ service for anomalous requests that may be fraudulent.

User Service Administration

Checkapp’s cloud services include front-end settings that customers control to manage their HR policies and their users. These settings include adding or removing employees or managers, setting locations, setting tasks, and others.

Application Security

Customer PINs are protected with a secure hash. Customer data is logically segmented in application databases.

Transmission Security

Checkapp utilizes SSLv3/TLSv1 to encrypt web session traffic.

Network and Infrastructure Security

Checkapp’s network and application perimeter is protected with firewalls and session border controllers. Administrative access requires authenticating through a production VPN gateway, then authenticating to local infrastructure systems. Only authorized personnel are given access to the production environment. Technology layers include intrusion-detection systems, system logs, and fraud analytics. Operational processes include system and service-level monitoring, system hardening, change management, and regular vulnerability scans.

Physical and Environmental Security

We host our services in data centers that undergo SSAE-16 and/or ISO 27001 audits. Our data centers share hosted facilities space with some of the world’s largest Internet companies and financial institutions. The geographic diversity of our locations acts as an additional safeguard, minimizing our risk of loss and service interruption due to natural disasters and other catastrophic situations.

Fraud Mitigation

The Checkapp service includes multiple layers to prevent and detect toll fraud, including access control, detection controls, usage throttling, and customer-controlled settings. In addition, Checkapp’s security specialists perform active monitoring to detect and notify customers of anomalous patterns on their account.

Disaster Recovery

The Checkapp service is architected to support failover conditions in case of emergency. Our service is built with geographically distributed redundancy. Primary and backup locations remain online simultaneously, with a primary pod in active mode, and the secondary pod in standby mode. Database replication between locations is in real time, with failover being built into the service. If a primary location is unavailable, the backup location will continue service. In addition to infrastructure and application redundancy, we also have geographically distributed operations such that service operations can also continue if one location is not available.