enableHR – Cybersecurity & Data Security FAQ

πŸ›‘οΈ enableHR – Cybersecurity & Data Security FAQ

This FAQ explains how enableHR keeps your data safe, backed up, and compliant with Australian and New Zealand security standards.
If you need more technical or legal information, please contact our Product Team through your Customer Success Manager.


🔄 Data Backup & Recovery

Do you back up our data regularly?
Yes. Your data is backed up every hour.

Backups are encrypted and securely stored in Amazon Web Services (AWS S3) as part of our ISO 27001 certified security framework.

Where is my data stored?
All customer data is stored in AWS (Asia Pacific – Sydney) and Azure AD B2C, both with data residency in Australia.

Can I access backups myself?
No, customers can’t directly access our backup systems.
However, you can request a full data snapshot at any time through our Data Extraction Facility.
To do this, please log a ticket with our Customer Success Team.

Can I keep my own on-site backup?
Yes. You can request data extracts and store them yourself.
Please note that additional costs may apply — contact our Product Team for details.


πŸ” Security Standards & Certifications

What security certifications do you have?
enableHR (CitationHR) is ISO 27001 certified, which is the international standard for information security management.

Do you conduct penetration testing?
Yes. A penetration test is performed annually to ensure system security.


πŸ” Encryption & Data Access

Is data encrypted in transit and at rest?
Yes.

  • In transit: All access uses HTTPS/TLS with RSA 2048-bit encryption.

  • At rest: Data in AWS is encrypted using AWS Key Management Service (KMS), and all files are stored in encrypted S3 buckets.

How is access to data controlled?
Only authorised personnel can access data, and all access requires secure authentication. Access is continuously monitored.


🧭 Data Privacy & Governance

Does Citation AU have a governance and risk framework?
Yes. Please refer to our Information Security Policy v2.7 (updated 25 Sept 2025).

Do you have Business Continuity (BCP) and Disaster Recovery (DRP) plans?
Yes. Both are in place and were last tested in November 2024, passing all requirements.


🚨 Cyber Incidents & Responsibilities

What happens if there’s a cyberattack or data breach?
We follow all Australian and New Zealand privacy laws, including mandatory data breach notification requirements.

Have you had any security breaches?
No. In the past 12 months, there have been no known breaches of our physical or IT security controls.


🧾 Cyber Insurance

Does enableHR have cyber insurance?
Yes. We hold cyber insurance that covers client data breaches.
For security reasons, details are not shared publicly — please contact our Customer Support Team if you require documentation.

Do customers need their own cyber insurance?
Yes. We recommend you maintain your own cyber insurance to cover:

  • First-party losses (e.g. data restoration, business interruption)

  • Third-party liabilities (e.g. claims or regulator investigations)

  • Incidents involving third-party cloud services like enableHR


🔒 Privacy & Compliance

Where is customer data stored?
All data is stored in Australia within AWS and Azure infrastructure.
Data is not replicated or stored in any other country.

Do you have Privacy and Security Policies?
Yes:

  • AU Privacy Policy: Privacy Policy | enableHR

  • NZ Privacy Policy: Privacy Policy | enableHR

  • IT Security Policy: Information Security Policy v2.7 (Sep 2024)

  • Supporting Document: enableHR & HRA Cloud – Privacy & Security Technical Overview (last updated 6 May 2020)


✅ Need more help?
If you have further questions about data security, privacy, or compliance, please contact the enableHR Customer Support Team or your Customer Success Manager.