Easy Metrics brings together all your labor data so you can understand your labor costs and drive an engaged and productive workforce.
Easy Metrics delivers a secure, scalable business intelligence cloud service that provides customers with detailed cost and performance metrics on employee activities by process and customer. To provide end-to-end security and privacy, Easy Metrics builds and operates services in accordance with known security best practices and provides security features in those services.
The information provided below assists customers in understanding the security measures in place, and how Easy Metrics uses independent auditors to validate those measures. This page contains the following information:
Easy Metrics is a SaaS based application that is hosted in the Amazon Web Services Cloud and/or the Google Cloud Services hereafter referred to as Cloud Service Provider (CSP). The CSP infrastructure components are installed and managed in ISO 27001 & SSAE 16 Type II compliant data center facilities. Some key aspects of physical security include:
Beyond the physical and application security, Easy Metrics also has internal policies to ensure procedures are in place for EM employees in regards to their access to the EM application. Only those employees deemed necessary (support and project implementation personnel) have access to customer accounts. In addition, Easy Metrics screens all employees for 6 panel drug testing, criminal background checks and in depth references checks. In addition, only Easy Metrics employees have access to the EM application as no third party vendors can gain access to the core application.
All Easy Metrics Cloud operations, including accessing the Easy Metrics web application are secure. When importing your data (WMS, Time clock, etc.) raw data is stored on secure file storage at our CSP, although SFTP transfer is supported as well. This raw data is then imported into the Easy Metrics data client which is encrypted as well. Authentication and authorization to access Easy Metrics application is controlled at all points of user contact:
Easy Metrics users can log in to the web application using their unique login name and password. Easy Metrics provides role-based access control for user account privileges (e.g. administrator accounts, standard user accounts). Customers assign roles to control the level of access provided to the users within their account. Customers can also customize password management policies (e.g., set minimum password length, set password expiry interval) to meet their own needs.
All Easy Metrics users are required to have a valid email address for notification purposes. The system ensures that users have a valid email address from the point of account creation through any changes that are made to the user’s profile.
The Easy Metrics application is hosted on CSP on the easymetrics.com subdomains of app.easymetrics.com and data.easymetrics.com. The Easy Metrics application has been designed to leverage CSP firewall services which are monitored daily through system admins and Nagios alerts.
Securing customer data, at rest and in transit, are core requirements for any cloud based Application.
Easy Metrics is a multi-tenant application that provides isolation between file data for different customers, and between all disk images thus ensuring that data for each customer is kept segregated.
As mentioned previously in this document, all data sent to Easy Metrics is encrypted via the CSP protocol and encrypted when stored at the Easy Metrics data client. At the app level, customers do not encrypt data due to the performance degradation that would occur, but instead many Easy Metrics customers will make certain data anonymous which is then stored in the EM application in that same fashion.
The Easy Metrics application resides on our CSP which is ISO 27001 and SSAE 16 certified, EM can provide those reports upon request. In addition, Easy Metrics is certified in compliance with the ISO 27001:2013 certification for Data processing procedures.
The primary directive of the new General Data Protection Regulation is to protect European Union citizen’s data, regardless of the location of the data, or the natural person the data refers to. Easy Metrics Inc. has always believed in our user’s right to privacy. We have already met or exceeded the industry standards for security. However, we strive to better our ability to protect our clients, users, and their data. We have never, and will never, deliver our user’s data to a third party without explicit and informed consent. Easy Metrics Inc. is committed to ensuring that your privacy is protected. Should we ask you to provide certain information by which you can be identified when submitting data or using our website tools, then you can be assured that it will only be used in accordance with this privacy statement. Easy Metrics Inc. may change this policy from time to time by updating this page. You should check this policy from time to time to ensure that you are happy with any changes. This policy is effective from May 11, 2018.
We may collect the following information:
We require this information to both understand your needs and provide you with a better service, and in particular for the following reasons:
We are committed to ensuring that your information is secure. In order to prevent unauthorized access or disclosure, we have put in place suitable physical, electronic and managerial procedures to safeguard and secure the information we collect online.
Easy Metrics Inc. has an internal D.P.O. to ensure and monitor the confidentiality, integrity, and availability of our client’s data.
We follow a fair and transparent processing framework. For more details see the Organizational Security Policy. Easy Metrics Inc. will use pseudonymization of personal data to protect any data selected for processing.
Easy Metrics has always believed in Secure-by-Design and Private-by-Design. We will never accept more information than is required to perform the exact processing application asked. We work closely with our clients to understand the data they will provide. We take the privacy of their employees as a paramount requirement.
A Data Subject may request details of personal information which we hold about them under the Data Protection Act 1998. A small fee will be payable. To request a copy of your personal information, please write to support@easymetrics.com.
If a data subject believes that any information we are holding on them is incorrect or incomplete, please write to or email us as soon as possible at the above address. We will promptly correct any information found to be incorrect.
Easy Metrics takes security very seriously and has many safeguards in place to ensure that our customers’ data remains secure. Easy Metrics is actively monitoring traffic patterns and application interactions for specifically defined security events. Customer notification for any security abnormality will take place within 24 hours. With physical, application, network and data security policies in place and a robust monitoring systems, Easy Metrics has the systems and policies in place to protect our customers’ most critical asset – their data.
