Your people data, protected like your financials.
Security isn't a feature at NepalHRM — it's the foundation. Here's exactly how we protect your data.
Built on industry-standard practices.
Tier-III hosting
ISO 27001-certified data centers with geo-redundancy, DDoS protection, and 24×7 monitoring.
Encryption everywhere
TLS 1.2+ in transit. AES-256 at rest. Encrypted backups and document storage.
Role-based access
RBAC, field-level permissions, MFA, SSO/SAML for Enterprise, IP whitelisting.
Least-privilege ops
Background-checked team. Access to customer data is logged and justified.
Audit logging
Every sensitive action is logged with user, time, and IP — exportable on demand.
Daily backups
Encrypted backups retained 30 days. RPO 24h · RTO 4h · annually tested.
Continuous testing
SAST, SCA, DAST in CI. Annual third-party penetration testing.
Privacy by design
GDPR-ready DPA. Subprocessor list. Nepal Electronic Transaction Act compliant.
Incident response
Documented playbook. Notifications within 24 hours of confirmed incidents.
Shared responsibility
Security is a partnership. We secure the platform; you secure how your team uses it.
NepalHRM's responsibilities
- • Platform security, uptime, and patching
- • Infrastructure, network, and data-center security
- • Encryption, backups, and disaster recovery
- • Vulnerability management & penetration testing
- • Incident detection & response
Your responsibilities
- • Enforcing strong passwords & MFA for your users
- • Assigning least-privilege roles
- • Keeping your employee directory current
- • Reviewing audit logs periodically
- • Reporting suspected incidents promptly
Found a vulnerability?
We welcome responsible disclosure. Email security@nepalhrm.com with a description and steps to reproduce. We acknowledge within 24 hours and work with you to resolve and credit (if desired).
Ready to talk security with your team?
We're happy to walk your security team through our controls, share our DPA, or respond to a security questionnaire.
No credit card · 30 minutes · Straight talk