Compliance and data security

Access Security

Government standards recommend using Single Sign-On (SSO) and Multi-Factor Authentication (MFA) for secure access. The platform you choose should support both of these and allow flexibility in setting password rules, authentication methods, and security parameters.

MFA: This adds an extra layer of protection. Personally, I find authentication apps on phones to be the most secure and convenient option. They allow you to use facial recognition to open the app and provide a rotating code to log in. Alternatives like email or text verification also work but may not be as robust.

SSO: This enables employees to use the same login credentials they use for their work PC, email, and other systems. While setting up SSO can be complex, your IT team should be able to assist.

Data Security

In accordance with UK GDPR laws, your solution must meet stringent requirements for protecting employee data. A great system will also allow you to:

• Set data retention policies, defining how long data is stored and how access changes when an employee leaves.
• Ensure compliance with rules that give former employees access to certain data for a limited period after they leave.
• EU, such as in the USA, ask about the protections in place.
• Data storage location is another critical factor. Ideally, your data should be stored within the EU or UK to ensure it is protected under local data laws. If data is stored outside the

You need to know how vendors handle such situations and ensure your data is treated with the same level of security as if it were stored in the UK or EU.