At Team APAC, we prioritize your data security. To ensure best-in-class protection, we partner with NEO, our core onboarding and workforce platform, which has been built with enterprise-grade security in mind.
Product security
SSO
Single Sign-on (SSO) allows you to authenticate users in your own systems without requiring them to enter additional login credentials.
Permissions
We enable permission levels within the app to be set for your teammates. Permissions can be set to include app settings, billing, user data or the ability to send tasks or access reports.
Network and application security
Data Hosting and Storage
NEO services and data are hosted in Amazon Web Services (AWS) facilities in the EU.
NEO was built with disaster recovery in mind. All of our infrastructure and data are spread across 3 AWS availability zones and will continue to work should any one of those data centers fail.
Virtual Private Cloud
All of our servers are within our own virtual private cloud (VPC) with network access control lists (ACLs) that prevent unauthorized requests getting to our internal network.
Back Ups and Monitoring
All of our servers are within our own virtual private cloud (VPC) with network access control lists (ACLs) that prevent unauthorized requests getting to our internal network.
NEO uses AWS’s backup solution for datastores that contain customer data. On an application level, we produce audit logs for all activity. All actions taken on production consoles are logged.
Permissions and Authentication
Access to customer data is limited to authorized employees who require it for their job. NEO is served 100% over https. We have Single Sign-on (SSO) and strong password policies on GitHub, Google, AWS and Intercom to ensure access to cloud services are protected.
Encryption
All data sent to or from NEO is encrypted in transit using 256 bit encryption. Our API and application endpoints are TLS/SSL only and score an “A+” rating on Qualys SSL Labs‘ tests. This means we only use strong cipher suites and have features such as HSTS and Perfect Forward Secrecy fully enabled.
Pentests and Vulnerability Scanning
NEO uses third-party security tools to continuously scan for vulnerabilities. Our dedicated security team responds to issues raised. Twice yearly we engage third-party security experts to perform detailed penetration tests on the NEO application and infrastructure.
Incident Response
NEO implements a protocol for handling security events which includes escalation procedures, rapid mitigation and post-mortem. All employees are informed of our policies.
Additional Security Features
Training
All employees complete Security and Awareness training annually.
Policies
NEO has developed a comprehensive set of security policies covering a range of topics. These policies are updated frequently and shared with all employees.
Employee Vetting
NEO performs background checks on all new employees in accordance with local laws. The background check includes employment verification and criminal checks for US employees.
Confidentiality
All employee contracts include a confidentiality agreement.
