Security & Compliance Overview

Last Updated: March 2026
GABE HRIS is operated by Gabe Technologies LLC | www.gabehris.com
Security Contact: [email protected]

GABE HRIS is built to support security-first HR operations for commercial and regulated organizations. This page summarizes our security practices, operational controls, and compliance alignment.

  • Encryption in transit
  • Least privilege access
  • Audit logging
  • Security monitoring
  • Incident response
  • Vendor risk management

Important: This document is an overview and does not constitute a guarantee of compliance. Customers remain responsible for their own compliance obligations, configurations, and policies.

1. Security Governance

Security Ownership

Security is treated as a core product requirement. We maintain written security policies, access standards, and incident response procedures.

Risk Management

We assess risk across infrastructure, application design, and operational processes and prioritize remediation based on severity and exposure.

2. Infrastructure and Hosting

GABE HRIS is hosted in a secured cloud environment with industry-standard controls for physical security, redundancy, and environmental safeguards. We apply additional controls at the application and account layer, including strong access controls, logging, and monitoring.

3. Data Protection

Encryption

  • Encryption in transit: Data is protected using TLS for network communications.
  • Encryption at rest: Data storage layers are configured to use encryption at rest where supported.

Access Control

  • Role-based access controls (RBAC) to limit user actions and visibility.
  • Administrative functions restricted to authorized administrators.
  • Least-privilege principles for internal access to production systems.

Audit Trails

  • Logging for security-relevant events and administrative actions.
  • Audit trails designed to support HR governance and accountability.

4. Application Security

Secure Development

  • Security-focused engineering practices including code review and controlled deployments.
  • Dependency awareness and patching processes for known vulnerabilities.

No Third-Party Trackers in the Application

The GABE HRIS application is designed to minimize third-party exposure. The application does not include third-party tracking scripts (for example, ad trackers or behavioral analytics scripts) that would place tracking cookies on user devices.

5. Operational Security

Monitoring and Alerting

We monitor service health and security-relevant signals to detect suspicious activity and maintain reliability.

Backups and Recovery

We maintain backup and recovery practices designed to support restoration following an operational failure or incident.

6. Incident Response

We maintain an incident response process designed to identify, contain, remediate, and communicate security incidents. If we become aware of a confirmed incident involving Customer Data, we will notify the Customer without undue delay consistent with contractual obligations.

Security issues may be reported to [email protected].

7. Compliance Alignment

GABE HRIS is designed with alignment in mind for common security and compliance frameworks used by enterprise and regulated buyers. Depending on customer requirements and deployment model, relevant alignments may include:

  • Security control alignment similar to SOC 2 principles
  • NIST-aligned control concepts (risk, access control, logging, incident response)
  • Privacy requirements supported through contractual controls (DPA) and security measures
  • Support for government contracting workflows (for example, timekeeping governance controls where applicable)

8. Security Control Areas

The GABE HRIS platform incorporates security controls across multiple operational domains. The following overview summarizes key control areas implemented within the platform and operational environment.

Identity & Access Management

  • Role-based access control (RBAC)
  • Administrative privilege restrictions
  • Least-privilege access model
  • Controlled internal access to production systems

Encryption & Data Protection

  • TLS encryption for data in transit
  • Encrypted storage layers where supported
  • Secure credential handling
  • Protection of authentication tokens

Logging & Monitoring

  • Audit logging of security-relevant events
  • Administrative action logging
  • System health monitoring
  • Operational telemetry used for security analysis

Application Security

  • Secure software development practices
  • Code review and controlled deployments
  • Dependency awareness and patch management
  • Platform protections against unauthorized access

Infrastructure Security

  • Cloud infrastructure with layered security controls
  • Network segmentation and access restrictions
  • Security monitoring at the infrastructure layer
  • Infrastructure redundancy and reliability safeguards

Operational Security

  • Incident response procedures
  • Backup and recovery processes
  • Operational change management
  • Internal access governance

9. Customer Responsibilities

Security is shared. Customers are responsible for:

  • Configuring roles and permissions appropriately.
  • Maintaining strong authentication practices for users.
  • Ensuring lawful collection and use of employee data.
  • Managing endpoint and device security for their workforce.
  • Defining internal HR policies and retention settings consistent with applicable laws.

10. Security Documentation

Additional policy references:

Contact

Security: [email protected]
Privacy: [email protected]
Support: [email protected]
Legal: [email protected]

© 2026 Gabe Technologies LLC. All rights reserved.