Technology has changed, and is still changing, our perception of the term ‘Human Resource Management’ as enterprises around the globe successfully adopt Human Resource Information Systems. However, while choosing an HRIS or HRMS (Human Resource Management System), decision makers primarily consider the solution’s ability to deliver its Return on Investment (RoI). In most cases, the decision makers finalizing the purchase are either CxOs or HR Heads, who treat the cost of ownership or the features offered as the only criteria for choosing an HRMS.
Today’s blog questions this trend of judging a technological solution without involving the CTO (Chief Technical Officer).
Why involve the CTO?
An HRIS delivers its value by relying on a database or server in which all the organizational data is stored. Whether these servers are ‘On-premise’ or on the ‘Cloud’, they carry an inherent network security threat, which is handled by the HRMS vendor.
This is exactly where your Chief Technical/Technological/Information Officer, or any other such staff member, is needed to decide what is best for you. The vendor could boast of many security measures while pitching their solution. However, would you disagree that it’s always better to be safe than sorry?
Thus, while choosing any HRIS, well-informed decision makers should evaluate its data security features based on the following criteria:
Physical data location –
- Is it a private cloud or a public cloud? – Compared with public clouds, private clouds are very expensive to establish and maintain. A private cloud is like having your own shopping mall when you need only a showroom. A public cloud offers the same facilities of the mall at a fraction of the price by renting out the unused shops. In reality, public clouds allow other subscribers to use the same datacenter to maximize IT resource utilization and thus bring the cost of a subscription down to extremely affordable levels.
- Data center security and access control: Cloud service providers in the public domain should also be able to demonstrate adequate hiring, oversight and access controls to enforce administrative delegation. If it is a public cloud, you should consider asking where their data centers are located and whether they can commit to specific privacy requirements.
Unauthorized data access –
- What are the different levels of security measures? – Any database or server may be secured against hacking or unauthorized access attempts at three different levels of the solution: network security, web application security and database security. In addition to this multi-layer security, anti-virus support and a multi-tenancy architecture for the application are an added bonus, which most HRIS providers don’t even speak of.
- What type of encryption is used for data transfer? – SSL stands for ‘Secure Sockets Layer’ and ensures that the application server communicates only with the authorized users. Cloud providers should ideally deliver a minimum of 128-bit session encryption and optimally 256-bit encryption, using SSL from an established, reliable and secure independent Certification Authority (CA). Self-signed SSL certificates are just an eyewash used by many HRIS vendors.
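One way a technical reviewer could test the encryption criterion above against a vendor's login endpoint, shown as an added example that is not part of the original post or any vendor's code. It uses Python's standard `ssl` module; the function names, grading labels and sample results are assumptions constructed for illustration.

```python
import socket
import ssl
import sys

MIN_BITS, PREFERRED_BITS = 128, 256  # session-key thresholds named in the post


def probe(host, port=443, timeout=5.0):
    """Handshake against the system trust store.

    Returns (verify_error, secret_bits). A certificate that does not chain to
    a trusted CA (self-signed included) aborts the handshake, so secret_bits
    is None in that case.
    """
    ctx = ssl.create_default_context()  # verifies the chain and the hostname
    try:
        with socket.create_connection((host, port), timeout=timeout) as raw:
            with ctx.wrap_socket(raw, server_hostname=host) as tls:
                # cipher() returns (name, protocol, secret_bits)
                return None, tls.cipher()[2]
    except ssl.SSLCertVerificationError as exc:
        return exc.verify_message, None


def grade(verify_error, secret_bits):
    """Map one probe result onto the post's criteria."""
    if verify_error is not None:
        return "reject: certificate failed verification (" + verify_error + ")"
    if secret_bits < MIN_BITS:
        return f"reject: {secret_bits}-bit session key is below {MIN_BITS}"
    if secret_bits < PREFERRED_BITS:
        return f"acceptable: {secret_bits}-bit session key"
    return f"preferred: {secret_bits}-bit session key"


# Constructed probe results, so the grading logic can be read offline.
SAMPLES = [
    ("self-signed certificate", None),
    (None, 56),
    (None, 128),
    (None, 256),
]

if __name__ == "__main__":
    if len(sys.argv) > 1:  # hostname supplied by the reader
        print(sys.argv[1], "->", grade(*probe(sys.argv[1])))
    else:
        for sample in SAMPLES:
            print(sample, "->", grade(*sample))
```

Run with the vendor's hostname as the only argument to perform a live handshake; without an argument it grades the constructed samples.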
Business Continuity Plan (BCP) – Gartner states that “any offering that does not replicate the data and application infrastructure across multiple sites is vulnerable to total failure,” and that “any cloud subscriber has a right to know if the cloud provider is able to completely restore data from backups or duplicates, and how long it will take.” Thus a foolproof BCP is absolutely mandatory for any HRIS provider.
These are questions which could confuse you if you haven’t heard them before. But thank God that at least now you know. However, since incomplete information is worse than ignorance, stay tuned for the second installment of this blog, where we will discuss all the technical terms used here in layman’s language, so that even if you belong to a small or medium scale enterprise lacking the know-how of a CTO/CIO, you are able to choose your HRMS wisely. In the second part, we will also explore how PeopleWorks matches up to the industry standards and best practices of data security mentioned here. In the meantime, if you want to know more about PeopleWorks, visit us at www.peopleworks.in or connect through Facebook, Twitter or LinkedIn.