The New harmon.ieSecurity & Privacy
At harmon.ie, we ensure your data remains strictly within the boundaries of your tenant and is never trafficked, processed, or stored anywhere other than in your tenant, guarded by your own security policies and procedures.
How we secure your data
Your trust is our most important asset, so rather than just take our word for it, let’s get into the details of how harmon.ie safeguards your information. Our approach to security has three core pillars–architecture, standards, and best practices for application development.
Your data stays on your tenant
The hew harmon.ie’s design forms the foundation of your data security. The new harmon.ie is a web add-in that resides exclusively within your Microsoft 365 tenant. With no back-end processing or data transfers required, the new harmon.ie lives solely within the security enclosure of your private environment. There is no risk of data leakage, theft, or manipulation with the new harmon.ie because your data never leaves the premises.
While building the new harmon.ie we made additional architectural decisions to further secure your data. The new harmon.ie is built on a secure Azure cloud architecture—which holds its own host of certifications—and we leverage a resource called Static Web App. Additionally, all network traffic is encrypted using Transport Layer Security (TLS 1.2).
Certifications
In recognition of our security-forward approach, Microsoft has certified that new harmon.ie meets the rigorous standards of the Microsoft 365 App Compliance program. Before making this certification award, Microsoft vetted the new harmon.ie against controls from leading industry frameworks. Microsoft found the new harmon.ie to demonstrate the latest security and compliance practices to protect customer data. In addition to closely examining the code of the new harmon.ie, Microsoft also audits the processes and procedures used to develop the new harmon.ie, adding an addition layer of protection. With this certification, users can be assured that the new harmon.ie is GDPR compliant, does not perform any automated decision making that could result in legal liability, does not collect data from minors, nor does it collect any sensitive categories of data.
harmon.ie also holds an ISO 27001 certification from the Standards Institution of Israel. ISO 27001 is an international certification, developed by the International Standards Organization, that details requirements for establishing, implementing, maintaining, and continually improving an information security management system (ISMS). harmon.ie applies these standards not just to our own internal operations, but also to the applications we develop.
Microsoft Trusted Partner, ISO-27001 certified
Best Practices
In addition to architecture and certifications, we also employ best practices for the design and development of secure applications. These include:
- Principle of Least Privilege (POLP). This means that we designed harmon.ie’s access controls to ensure end users have the minimal needed rights for the applications, database, and infrastructure.
- User access control. All users are limited to role-based controlled access (i.e. read, write, and modify) to information and applications accessed via harmon.ie, mirroring their Microsoft 365 rights.
- No access for us. Because your data stays in your environment, no harmon.ie employee has direct access to your data and has no way to download private information under any circumstances.
- Audit log. An audit log tracks user history, so you can always see who changed what and when.
Read more about harmon.ie security.