What is the General Data Protection Regulation (GDPR)?
The GDPR is a new regulation by which the European Parliament, the Council of the European Union and the European Commission intend to strengthen and unify data protection for all individuals within the European Union, aiming to give control back to citizens and residents over their personal data. The GDPR comes into effect from 25th May 2018.
Taking data security and privacy seriously
- People who visit and use our Site
- Subscribers to our Services
- People who contact us
- Job applicants and our current and former employees
At AskHR Solutions, we take data security and privacy extremely seriously and believe that the GDPR is an important step forward for clarifying and enabling individual privacy rights. As such, we are committed to maintaining compliance with the GDPR.
Under any compliance regime, it is easy to state compliance but much harder to prove. To this end, we have taken the decision to implement an information security management system.
This helps us to ensure that the appropriate controls for the management of information are in place and that we are working to meet our legal and regulatory requirements, including those outlined in the GDPR.
For more information about the actions we are taking, please see the documents below:
- Information Security Management System
- Policies and Procedures
Thank you for trusting us with your business and please be assured that we will always take the security and privacy of our client data very seriously.
Information Security Management System (ISMS)
Who is the legal entity behind AskHR Solutions?
AskHR Solutions operates and maintains an Information Security Management System (ISMS) to control its information assets appropriately. We implement human, organisational and technological security controls to protect our information assets (including personal data) from unauthorised access, unwanted disclosure, modification, theft / loss, denial of service attacks, or any other threat. AskHR Solutions has implemented and applies internal policies and procedures that support the ISMS. (As part of a management system these will be independently audited by external security specialists.)
AskHR Solutions uses a scalable cloud computing platform with high availability and dependability. To achieve end-to-end security and end-to-end privacy, all services are built in accordance with security best practices, privacy by design requirements and appropriate security controls.
How have you documented the Personal Data you hold?
AskHR Solutions has completed a full company-wide information classification assessment. This allows us to understand the data in every part of our business (both our own data and that entrusted to us), the highest level of protection required for each of these data sets and how we can further implement controls to reduce the likelihood of an incident impacting these assets in the future.
How do you manage risks and incidents relating to information assets?
AskHR Solutions uses a formal information security risk management framework to identify and manage known or potential risks to the information assets within our business. Our risk management framework analyses each information asset against the possible loss of confidentiality, integrity and availability and defines appropriate controls. We operate a formal incident management process to identify, contain and recover from a security incident should one occur, and use this process to help prevent reoccurrence.
What training do your staff go through?
AskHR Solutions provides ongoing security awareness training for all staff and actively promotes the key principles of information security.
What legal, regulatory and contractual requirements do you operate under?
AskHR Solutions complies with all legal, regulatory and contractual requirements related to information security and adopts Irish law guidelines, industry standards and best practice for information security.
Policies & Procedures
AskHR Solutions has developed policies and procedures based on industry and vendor best practices to protect the information assets it keeps for our customers, partners and our own information assets. The communications and operations management is planned for and deployed with regard to the security of AskHR Solutions' information assets and the operations of the whole information processing environment.
Our policies and procedures set standards for our information security controls, some examples being:
- Information security policy
- Clear desk and clear screen policy
- Asset management policy
- Cryptographic policy
- Access control policy
- Acceptable use policy
- Mobile computing policy
- Incident management procedure
- Information classification procedures
- Risk management procedure
- Document and records control procedure
- Corrective actions procedure
- Preventive actions procedure
Each policy and procedure supports the required controls and how AskHR Solutions manages its information.