Security

At Zennith, we prioritise the security and confidentiality of your data. Our comprehensive security measures are designed to ensure the highest levels of protection for your sensitive employee information.

Product security

Password security:

Strong password enforcement: All users are required to create passwords with a minimum of 8 characters, including a mix of uppercase and lowercase letters, numbers, and symbols. This helps in safeguarding accounts against unauthorised access.

Password hashing: We use bcrypt to hash passwords. This ensures that all passwords are stored as hashes rather than in readable form, enhancing the overall security of user accounts.

Permissions and access control:

Customisable access controls allow you to define and manage who has access to various levels of information within your organisation. This granular control helps in maintaining the integrity and confidentiality of employee data.

Two-factor authentication (2FA):

We provide support for 2FA to add an extra layer of security to your account. This ensures that only authorised users can access sensitive information even if login credentials are compromised.

Network security

Data hosting and management:

Our services are hosted on secure, cloud-based platforms with strict access controls. Only authorised personnel have access to production data. Our primary subprocessor, AWS, is certified under ISO 27001, SOC 2, and other industry-recognised standards.

Regular data backups:

We perform regular data backups to prevent data loss and ensure data availability in case of unforeseen circumstances.

Data encryption:

All data in transit and at rest is encrypted using AES-256, providing an additional layer of security to your data.

Real-time monitoring:

We employ advanced monitoring tools to detect anomalies, prevent unauthorised access, and ensure quick response to potential threats.

Additional security features

End-to-end encryption for sensitive data:

Sensitive employee data, such as bank details and salary information, is protected with end-to-end encryption. This means that such data is encrypted from the point of origin to the point of destination, ensuring its confidentiality and integrity.

Employee security training:

Our employees undergo annual security training to stay updated with the latest security protocols and best practices.

Confidentiality agreements:

All employees sign confidentiality agreements as part of their employment contracts to ensure the safeguarding of any sensitive information they might handle.

Regular security audits:

We conduct regular security audits and penetration testing to identify and address potential vulnerabilities proactively.

Cybersecurity partnership:

We collaborate with DarkShield, our preferred cybersecurity partner. DarkShield conducts periodic penetration tests and security assessments, and provides expert guidance to enhance our security posture.

Incident response and data breach management

We have a robust incident response plan in place to address potential security breaches:

  • Immediate containment and mitigation of the breach.
  • Notification to affected users and relevant authorities within legally mandated timeframes.
  • Thorough investigation and resolution to prevent recurrence.

If you suspect a breach or security incident involving your account, please contact our security team immediately at support@zennith.co.uk.

Physical security

Our data centres are protected with advanced physical security measures, including:

  • Restricted access using biometric authentication.
  • 24/7 surveillance and security monitoring.
  • Redundant power and cooling systems to ensure uptime.

Subprocessor security assurance

We carefully vet all subprocessors to ensure they meet our stringent security and compliance standards. Subprocessors are required to:

  • Implement levels of security equivalent to or higher than Zennith's.
  • Adhere to applicable data protection regulations.
  • Undergo regular security assessments.

Our subprocessors include:

  • AWS: Secure cloud hosting and data storage, certified under ISO 27001 and SOC 2.
  • Sentry: Performance and error logging to enhance service reliability.
  • Mailgun: Email delivery services ensuring communication security.

User security guidance

We recommend the following practices to enhance user security:

  • Use strong, unique passwords and update them regularly.
  • Enable two-factor authentication (2FA) for additional protection.
  • Avoid sharing account credentials and be vigilant against phishing attempts.
  • Securely offboard employees by promptly deleting their data when no longer required.
  • Contact our support team if you notice any suspicious activity on your account.

Security inquiries and reporting vulnerabilities

We are committed to maintaining the highest standard of security. If you have any security-related questions or wish to report a potential vulnerability, please contact our security team at support@zennith.co.uk. We appreciate the efforts of researchers and users who help us strengthen our platform’s security.
