Breezy HR Security Documentation

At Breezy HR, we’re committed to information security and privacy.

Cryptographic Control Policy (A.18.1.5)

Objectives

  • All systems requiring authentication should make use of good passwords as part of the authentication process.
  • Systems using cryptography should use industry standard secure algorithms.
  • Where applicable, any and all legislative or regulatory mandates, relative to Breezy cryptographic controls will be adhered by employing Threat and Risk Assessment followed by proper Change Management Policy procedures.  
  • Data stored or transmitted should be encrypted at rest and in transit.

Scope

Breezy’s Cryptographic Control Policy shall include the following:

  • All information assets (data) either owned by Breezy or entrusted to Breezy by a client under an agreement which specifically details Breezy’s data responsibility
  • Information assets held, processed or stored at Amazon Web Service facilities under accounts owned by Breezy used to facilitate Breezy product offerings

Policy

General Requirements

Do not write your own encryption implementation. Always use industry standard encryption methods known to be secure.

HTTPS

Scoped assets with HTTPS servers must be configured so:

  • TLS protocols available are in the Acceptable SSL list below
  • TLS cipher suites available are in the acceptable cipher suites list below
  • When possible, the server will prefer to negotiate with the preferred protocol and preferred cipher suites in the lists below
Acceptable SSL
  • TLSv1.1
  • TLSv1.2
Preferred SSL
  • TLSv1.2
Acceptable Ciphersuites
  • ECDHE-ECDSA-AES128-GCM-SHA256
  • ECDHE-ECDSA-CHACHA20-POLY1305-SHA256
  • ECDHE-ECDSA-AES256-GCM-SHA384
  • ECDHE-ECDSA-AES128-CBC-SHA
  • ECDHE-ECDSA-AES256-CBC-SHA
  • ECDHE-RSA-CHACHA20-POLY1305-SHA256
  • ECDHE-RSA-AES128-GCM-SHA256
  • ECDHE-RSA-AES128-SHA256
  • ECDHE-RSA-AES128-SHA
  • ECDHE-RSA-AES256-GCM-SHA384
  • ECDHE-RSA-AES256-SHA384
  • ECDHE-RSA-AES256-SHA
  • AES128-GCM-SHA256
  • AES256-GCM-SHA384
  • AES128-SHA256
  • AES256-SHA
  • AES128-SHA
Preferred Ciphersuites
  • ECDHE-ECDSA-AES256-GCM-SHA384
  • ECDHE-ECDSA-AES128-GCM-SHA256
  • ECDHE-ECDSA-CHACHA20-POLY1305-SHA256
  • ECDHE-RSA-CHACHA20-POLY1305-SHA256
  • ECDHE-RSA-AES128-GCM-SHA256
  • ECDHE-RSA-AES256-GCM-SHA384

Encryption at Rest

All encryption at rest will use AES-128 encryption or better. Keys for encryption at rest will be maintained inside Amazon Web Services Key Management System.

Application-Level Cryptography

Applications developed by Breezy will use one of the following cryptographic methods when handling sensitive data:

  • Bcrypt or better, when storing passwords in a database
  • MD5 or better when creating one way hashes to anonymize data
  • AES-128 or better when encrypting data with an appropriate mode of operation

Key Rotation

  • TLS keys (used for HTTPS) for certificates issued through Amazon Certificate Manager by Breezy will be rotated on an annual basis.
  • TLS keys for certificates issued by a 3rd party customer will be rotated at least every three years.
  • Keys used for encryption at rest in Amazon Web Services Key Management System will be rotated every year (for Breezy-managed keys (“CMKs”)) or every three years (for Amazon-managed keys).
  • Keys used for application-level cryptography will be rotated at least every three years.

Responsibilities

  • The Information Security Manager is responsible for ensuring the Cryptographic Controls listed in this document afford company assets adequate protection.
  • Asset owners are responsible for ensuring their information assets adhere to the Cryptographic Controls listed in this document

You're in Good Company

Shipt Logo
Piksel LogoWaitr LogoDocebo LogoCameo Logo

Our customers love us, and it shows! According to Gartner we're the most highly rated HR and Applicant Tracking product in Customer Satisfaction.

Are you ready?

Start optimizing your recruiting process today.

Join the thousands of companies already hiring with Breezy HR.

Full Feature 14-Day Trial
No Credit Card Needed