Security White Paper

A comprehensive overview of PeopleCentral's security infrastructure, certifications, and data protection practices.

Last updated: 1 January 2025

Access Control

Customers retain full control over their accounts, managing user access based on subscribed headcounts. Super-admin roles regulate access privileges to specific modules and functionalities. Our software support personnel access customer information solely upon request through formal channels — such as a ticketing system or phone call — prioritising data protection and security.

We continuously refine access control protocols to grant users the necessary access without compromising data security, ensuring the safety of sensitive information handled within our HRMS.

Authentication

Access to PeopleCentral is granted through standard login credentials. As an added layer of security, Two-Factor Authentication (2FA) is available, requiring a One-Time Password (OTP) generated and sent to the user's smartphone.

Access and audit logs provide transparency, allowing customers to monitor their employees' login activity. We periodically review and update our authentication policies in alignment with evolving security standards.

Encryption

All data transmitted between customers and the PeopleCentral cloud environment is encrypted using TLS 1.2 or higher. Stored data is encrypted with the 256-bit Advanced Encryption Standard (AES).

Our web-based applications utilise end-to-end encryption with SSL certificates as a default security measure. The cloud application employs supplementary security layers including Multi-Factor Authentication and secure HTTPS to fortify data transmission to Azure and AWS.

Cloud Infrastructure

PeopleCentral engages Microsoft Azure and Amazon Web Services (AWS) as cloud service providers, hosting and storing all data in a Tier-4 data centre situated in the South-East Region (Singapore). Both Azure and AWS implement a multi-layered security approach across physical data centres, infrastructure, and operations.

The Tier-4 data centre offers optimal security through multi-tiered access control mechanisms — from facility perimeter to internal data centre access — each undergoing stringent scrutiny to safeguard against unauthorised access or breaches.

Physical & Network Security

Our office premises are under 24/7 surveillance. We implement multiple layers of network controls including firewalls and network segregation, ensuring robust access controls. Routine preventive maintenance — including software and antivirus updates — is conducted according to established schedules.

PeopleCentral leverages Microsoft Defender Advanced Threat Protection and Amazon GuardDuty to fortify our network against potential threats.

Vulnerability Assessment & Penetration Testing

We conduct both internal and external Vulnerability Assessment and Penetration Testing (VAPT) at specified intervals for all applications, APIs, and servers. Internal assessments occur once every three months; external assessments are conducted once a year.

These evaluations serve to identify and rectify vulnerabilities, shielding our networks and systems from potential cyber threats.

Incident Management & Breach Notification

We possess a well-defined incident management process and an emergency response team responsible for managing security incidents. In the event of a potential data breach, we will assess the breach and implement notification protocols to inform impacted parties within 24 hours of determining that the breach is likely to cause substantial harm.

Employee Security Training

All employees undergo security awareness training emphasising data protection practices. Onboarding includes a Data Protection Management Programme granting access to internal security policies. Regular communication reinforces security protocols and best practices.

Data Backup & Retention

We maintain regular 7-day database backups and implement server redundancy measures. Data remains in customers' accounts as long as they utilise PeopleCentral services.

Upon account termination, data is securely deleted from the active database after a 30-day grace period, with prior notice to the customer. We strictly adhere to established timelines for data retention and deletion to honour privacy commitments.

ISO 27001:2022 Certification

PeopleCentral is ISO 27001:2022 certified. This certification is specifically focused on the PeopleCentral ISMS and measures how our internal processes follow the ISO standard. Services included in the scope of certification include Payroll, Leave, and Appraisal.

Certification means a third-party, accredited, independent auditor has performed an assessment of our processes and controls and confirms they are operating in alignment with the comprehensive ISO 27001 standard.

Data Protection Officer: Ravinder Pal Singh | ravi@peoplecentral.co | +65 6837 2336

Questions about this policy?

Contact our Data Protection Officer at dpo@peoplecentral.co or write to us at People Central Pte Ltd, Singapore.