Our Commitment to Privacy
Infor is committed to maintaining the confidentiality, integrity and security of all personal information we process or maintain about our current and prospective customers and the employees of our corporate customers in connection with our hosted and software as a service (SaaS) products delivered as part of Infor’s Enwisen HR Service Delivery product suite. Infor maintains a strong focus on meeting privacy requirements and the implementation of appropriate security controls to foster a high level of trust between Infor, our customers and our customers’ users.
Please note that this policy applies to the Infor Enwisen HR Service Delivery product suite. How this policy applies to your use of the Infor Enwisen HR Service Delivery products may depend on whether you are a direct corporate customer or an employee or associate of an Infor customer.
How and why we obtain personal information
The use of Infor’s Enwisen HR Service Delivery solutions may result in Infor having access to and possession of personal information about the employees of our corporate customers or other individuals with whom we have relationships. Personal information is a class of non-public information that typically includes data about an individual such as name, address, Social Security Number, birth date, and other personally identifiable information. Personal information may be the subject of one or more applicable laws requiring Infor and/or our customer to protect the information and to take specific actions in the event of an unauthorized use or disclosure. Infor takes great care to protect any personal information provided to us. This information may be collected from multiple sources that include:
- Directly from individual users entering the information into one of Infor’s applications.
- Directly from Infor’s corporate customers through their designated service representatives or indirectly via secure batch data transfers.
- In the ordinary course of transactional activities as information is updated or processed by our customers or through data maintenance activities.
- Other sources as defined by one of our solutions.
How we protect personal information
Infor does not use personal information provided to us by our customers or users for promotional, advertising or marketing purposes nor does Infor sell or make personal information available for such purposes. Personal information is used only in connection with delivery of our solutions to our customers and access to personal information is restricted to only those who have a need-to-know in connection with the delivery of our solutions.
Infor employs multiple best practices which include physical, electronic and procedural controls. We continually evaluate these controls through internal and external audits and modify them in response to technological advances and changes in risk or requirements. Our Information Security Management System is centered on the implementation and maintenance of appropriate administrative, physical and technical safeguards consistent with industry best practices and designed to comply with ISO/IEC 27001:2005 and the associated ISO/IEC 27002 appendix. Our Information Security Management System features:
- Management commitment to information security as noted by our focus on ISO 27001 compliance and certification strategy;
- Continual review of the implementation and effectiveness of information security policies and practices including frequent internal security audits and annual independent SSAE16 audits;
- Requirements that third parties participating in delivery of our solutions implement and maintain appropriate security controls with verification of such practices through periodic assurance audits;
- Asset management processes which track all assets and ensure they are being used appropriately;
- Information classification designed to ensure that appropriate protection is applied to all data;
- Administrative processes to ensure all individuals are aware of their responsibility for data privacy and security and that appropriate non-disclosure agreements are executed;
- Requirements that all employees maintain awareness of the risks related to data security and their responsibility to adhere to Infor’s policies and procedures;
- Appropriate physical security controls to protect assets within a secure perimeter and enforce limited access based upon the classification level of the data.
How we share personal information with third parties
Infor does not share personal information with third parties unless a third party is participating in the performance of a specific service for the benefit of our customer and the data shared is necessary to the service being performed. Third party service providers are contractually obligated to protect the information shared with them and to use it only for providing services to our customers.
How we share personal information within Infor
A department within Infor may utilize the services of another department at Infor to provide functions that could include printing, mailing or data processing. All private information that is shared within Infor will be handled in strict compliance with our Information Security Management System.
Services provided by Infor that have an online capability have additional security controls to ensure the confidentiality, availability and integrity of the data being transmitted or processed. Infor has implemented a variety of controls that include strong physical security, highly redundant critical systems, firewalls, DMZs, load-balancers, advanced encryption, VPNs, two-factor authentication, and other techniques, designed to ensure the security of online sessions. When necessary to facilitate site navigation or to enhance security, Infor will utilize techniques such as session cookies or similar temporary files. The information processed or stored by these mechanisms will be limited to only that which is necessary for delivery of our services. We may collect information about application performance and the time required to respond to user interactions. This information is only used to determine where additional resources are necessary to provide a more rewarding customer experience.
Infor Enwisen HR Service Delivery Security Statement
How and why we obtain non-public information
Infor takes great care to protect non-public information provided to us by our customers. This information may be collected from multiple sources that include:
- Directly from use of one of Infor’s hosted applications.
- Directly from a customer’s designated service representative or indirectly via batch data transfers.
- In the course of transactional activities as information is updated or processed by an Infor hosted application, or through data maintenance activities.
- Other sources as defined by one of our solutions.
How we protect non-public information
Infor has implemented a defense-in-depth strategy to protect non-public information. This strategy is based upon best practices designed to comply with applicable laws and regulations and is based upon widely accepted industry standards such as ISO/IEC 27001:2005. Our security management system is based on a plan, do, check and act model that includes these domains:
- Security Policies: We require that all employees be responsible for the security of non-public information and follow the practices defined within the Information Security Management System.
- Information Security Organization: Infor’s management is committed to security and has established an organization responsible for the security of non-public information.
- Asset Management: All assets are strictly controlled and all information is classified in order to determine the appropriate controls required for access and handling.
- Human Resources Security Practices: Infor conducts a comprehensive background check and screening at the time each employee is hired and requires that employees maintain familiarity and compliance with security responsibilities. When employees leave Infor, a formal process is established to remove their physical and virtual access to the Infor infrastructure.
- Physical and Environmental Security: Infor places critical components in physically controlled spaces with best practices in place to secure infrastructure. Physical and environmental security measures include card and/or biometric access controls, and limited access to secure locations based on job function.
- Communication and Operations Management: Infor has implemented strong operational procedures to protect information. Our controls surrounding system planning, protection from malicious code, backup processes, network security, media handling and exchange of information are constantly being analyzed and monitored to ensure they provide reasonable protection for your data. Third party service providers with access to confidential information are required to adhere to security and privacy requirements that are consistent with and at least as restrictive as Infor’s own policies and procedures regarding the protection of confidential information.
- Access Control: All access to systems, networks, and applications is controlled down to the user and resource level with role-based privilege techniques. This access is reviewed on a periodic basis to ensure that a change of personnel or a change of role has not modified the access needs of the individual.
- System Development: Security requirements of all applications that handle confidential information are defined early in the development stage. Appropriate data protection techniques are designed into the application while changes to developed software must go through a mature change management process.
- Incident Management: In the unlikely event of an actual or reasonably suspected security incident, our teams immediately begin work to identify the scope of impact, mitigate any exposure, determine the root cause of the incident and take appropriate corrective action.
- Compliance: We are constantly analyzing the requirements of legal, regulatory, and contractual obligations to ensure we are abiding by the requirements that apply to the handling of your data.
If you have any questions or need additional information, please don’t hesitate to contact your Infor Account Executive directly or contact us by e-mail at firstname.lastname@example.org with “Enwisen Security and Privacy” in the subject line.