Security

We use Effortless Admin every day to administer the employee benefits of thousands of Canadian employees. Ensuring our platform remains secure and protecting your information is our highest priority. Our goal is to provide you with a secure environment, while being mindful of application performance and overall user experience.

Our security strategy covers all aspects of our business, including:

  • Physical and environmental security
  • Operational security processes
  • Scalability & reliability of our platform architecture
  • Systems development and maintenance
  • Corporate security policies & procedures

If you have questions regarding our security, we would be happy to answer them. Please email us at privacy@effortlessadmin.com.

Confidentiality

We place strict controls over our employees’ access to your data. We are committed to ensuring that Customer Data is not seen by anyone who should not have access to it. The operation of our services requires that some employees have access to the systems that store and process Customer Data. For example, in order to diagnose a problem you are having with the Effortless Admin services, we may need to access your Customer Data. These employees are prohibited from using these permissions to view Customer Data unless it is necessary to do so.

Personnel Practices

Effortless Admin conducts background checks on all employees before employment, and employees receive regular privacy and security training. All employees are required to read and sign our comprehensive information security policy covering the security, availability, and confidentiality of the Effortless Admin services.

Incident Management & Response

In the event of a security breach, Effortless Admin will promptly notify you of any unauthorized access to your Customer Data. Effortless Admin has incident management policies and procedures in place to handle such an event.

Security in our Software Development Lifecycle

Effortless Admin uses the git revision control system. Changes to Effortless Admin’s code base:

  • go through a suite of automated tests
  • go through a round of manual tests
  • are manually reviewed and tested by a senior developer

When code changes pass our acceptance process, they are first pushed to a staging server, where Effortless Admin employees can perform a final round of tests before the change is pushed to our production servers and our customer base. Effortless Admin developers also have the ability to “cherry pick” critical updates and push them immediately to production servers.

Security at the Effortless Admin office

We monitor the availability of our office network and the devices on it. We collect logs produced by networking devices such as firewalls, DNS servers, DHCP servers, and routers in a central place. The network logs are retained for the security appliance (firewall), wireless access points, and switches.

Effortless Admin Architecture & Scalability

Scalability/Reliability of Architecture

Effortless Admin uses Microsoft Azure to manage platform data. The architecture of the database has been designed with built-in redundancy to seamlessly withstand hardware failure. As an extra precaution, we take hourly snapshots of the database and securely move them to a physically separate server so that we can restore them elsewhere as needed.

We currently host data in secure, compliance-audited data centers via Microsoft Azure in Canada.

Encrypted Transactions

Web connections to the Effortless Admin service are via TLS 1.2 and above. We support forward secrecy and AES-CBC, and prohibit insecure connections using TLS 1.1 and below or RC4.

Effortless Admin Information Security

All laptops and workstations are secured via full disk encryption and centrally managed. We diligently apply updates to employee machines and monitor employee workstations for malware. We also have the ability to apply critical patches and remotely wipe a machine.

Data Center Security

Microsoft Azure employs a robust physical security program with multiple certifications, including SOC 1, 2, and 3 (SSAE 16). For more information on Microsoft Azure’s physical security processes, please visit the Microsoft Trust Center.

Information Security Management System (ISMS) Policy

Effortless Admin’s Information Security Management System (ISMS), which describes how we handle data input into Effortless Admin, can be found at https://effortlessdev.github.io/policies/.

Terms of Service & End User License Agreement (EULA)

Effortless Admin's End User License Agreement (EULA), which is the contract between Effortless Admin and the user of the platform, can be found at https://www.effortlessadmin.com/eula.

Availability

We are committed to making Effortless Admin consistently available to you and your company. Our systems have built-in redundancy to withstand failures and are constantly monitored to keep your work uninterrupted. You can always monitor our availability at our platform status page at https://www.effortlessadmin.com/status.