Security Policies

Purpose

Easy Metrics delivers a secure, scalable business intelligence cloud service that provides customers with detailed cost and performance metrics on employee activities by process and customer. To provide end-to-end security and privacy, Easy Metrics builds and operates services in accordance with known security best practices and provides security features in those services.

The information provided below assists customers in understanding the security measures in place, and how Easy Metrics uses independent auditors to validate those measures. This page contains the following information:

Physical Security

Easy Metrics is a SaaS-based application that is hosted in the Amazon Web Services Cloud and/or the Google Cloud Services, hereafter referred to as the Cloud Service Provider (CSP). The CSP infrastructure components are installed and managed in ISO 27001 & SSAE 16 Type II compliant data center facilities. Some key aspects of physical security include:

Personnel Security and Screening

Beyond the physical and application security, Easy Metrics also has internal policies to ensure procedures are in place for EM employees with regard to their access to the EM application. Only those employees deemed necessary (support and project implementation personnel) have access to customer accounts. In addition, Easy Metrics screens all employees with criminal background checks and in-depth reference checks. Furthermore, only Easy Metrics employees have access to the EM application, as no third-party vendors can gain access to the core application.

Application Security

All Easy Metrics Cloud operations, including accessing the Easy Metrics web application, are secure. When importing your data (WMS, time clock, etc.), raw data is stored on secure file storage at our CSP, although SFTP transfer is supported as well. This raw data is then imported into the Easy Metrics data client, which is encrypted as well. Authentication and authorization to access the Easy Metrics application are controlled at all points of user contact:

Web Authentication

Easy Metrics users can log in to the web application using their unique login name and password. Easy Metrics provides role-based access control for user account privileges (e.g. administrator accounts, standard user accounts). Customers assign roles to control the level of access provided to the users within their account. Customers can also customize password management policies (e.g., set minimum password length, set password expiry interval) to meet their own needs.

Authenticated Email

All Easy Metrics users are required to have a valid email address for notification purposes. The system ensures that users have a valid email address from the point of account creation through any changes that are made to the user’s profile.

Network Security

The Easy Metrics application is hosted on CSP on the easymetrics.com subdomains app.easymetrics.com and data.easymetrics.com. The Easy Metrics application has been designed to leverage CSP firewall services, which are monitored daily by system admins and through Nagios alerts.

Data Security

Securing customer data, at rest and in transit, is a core requirement for any cloud-based application.

Easy Metrics is a multi-tenant application that provides isolation between file data for different customers, and between all disk images, thus ensuring that data for each customer is kept segregated.

As mentioned previously in this document, all data sent to Easy Metrics is encrypted via the CSP protocol and encrypted when stored at the Easy Metrics data client. At the app level, customers do not encrypt data due to the performance degradation that would occur; instead, many Easy Metrics customers make certain data anonymous, which is then stored in the EM application in that same fashion.

Compliance and Validation

The Easy Metrics application resides on our CSP, which is ISO 27001 and SSAE 16 certified; EM can provide those reports upon request. In addition, Easy Metrics is certified in compliance with the ISO 27001:2013 certification for Data processing procedures.

General Data Protection Regulation (GDPR)

The primary directive of the new General Data Protection Regulation is to protect European Union citizens’ data, regardless of the location of the data, or the natural person the data refers to. Easy Metrics Inc. has always believed in our users’ right to privacy. We have already met or exceeded the industry standards for security. However, we strive to better our ability to protect our clients, users, and their data. We have never, and will never, deliver our users’ data to a third party without explicit and informed consent. Easy Metrics Inc. is committed to ensuring that your privacy is protected. Should we ask you to provide certain information by which you can be identified when submitting data or using our website tools, then you can be assured that it will only be used in accordance with this privacy statement. Easy Metrics Inc. may change this policy from time to time by updating this page. You should check this policy from time to time to ensure that you are happy with any changes. This policy is effective from May 11, 2018.

Data Requirements

What We Collect

We may collect the following information:

What We Do With Information Gathered

We require this information to both understand your needs and provide you with a better service, and in particular for the following reasons: 

Data Security

We are committed to ensuring that your information is secure. In order to prevent unauthorized access or disclosure, we have put in place suitable physical, electronic and managerial procedures to safeguard and secure the information we collect online.

Data Protection Officer Requirement

Easy Metrics Inc. has an internal D.P.O. to ensure and monitor the confidentiality, integrity, and availability of our clients’ data.

Code of Conduct

We follow a fair and transparent processing framework. For more details see the Organizational Security Policy. Easy Metrics Inc. will use pseudonymization of personal data to protect any data selected for processing.

Privacy-by-Design

Easy Metrics has always believed in Secure-by-Design and Private-by-Design. We will never accept more information than is required to perform the exact processing application asked. We work closely with our clients to understand the data they will provide. We take the privacy of their employees as a paramount requirement.

Individual’s Rights

A Data Subject may request details of personal information which we hold about them under the Data Protection Act 1998. A small fee will be payable. To request a copy of your personal information, please write to support@easymetrics.com.

If a data subject believes that any information we are holding on them is incorrect or incomplete, they should write to or email us as soon as possible at the above address. We will promptly correct any information found to be incorrect.

Security Policy Summary

Easy Metrics takes security very seriously and has many safeguards in place to ensure that our customers’ data remains secure. Easy Metrics is actively monitoring traffic patterns and application interactions for specifically defined security events. Customer notification for any security abnormality will take place within 24 hours. With physical, application, network and data security policies in place and robust monitoring systems, Easy Metrics has the systems and policies in place to protect our customers’ most critical asset – their data.
