Peopletree Group

Technical Overview - IT and Security

Platform security and data governance

This document is prepared for IT Directors, Security Architects, and Compliance Officers reviewing the Peopletree Group platform. It covers infrastructure, data security, authentication, and AI governance.

At a Glance

Key compliance and security certifications

The Peopletree Group platform is built on enterprise-grade infrastructure with third-party security certification.

  ✓ SOC 2 Type II Certified
  ✓ GDPR Compliant
  ✓ POPIA Compliant
  ● AWS Cloud Infrastructure
  ● AES-256 Encryption at Rest
  ● TLS 1.3 in Transit
  ● SSO / SAML 2.0 Support
  ● MFA Enforced
  ● Role-Based Access Control

Technical Details

Infrastructure and security architecture

Infrastructure and Hosting
  • Hosted on AWS (Amazon Web Services) in the eu-west-1 (Ireland) region
  • Multi-availability zone deployment for high availability
  • Automated daily backups with 30-day retention
  • 99.9% uptime SLA with automated failover
  • CDN delivery via CloudFront for global performance
Authentication and Access
  • SSO support via SAML 2.0 and OAuth 2.0
  • Multi-factor authentication (MFA) enforced for all users
  • Role-based access control (RBAC) with granular permissions
  • Session timeout and automatic logout policies
  • Audit log of all user actions and data access events
Data Security
  • AES-256 encryption for all data at rest
  • TLS 1.3 for all data in transit
  • Data residency in EU by default; regional options available
  • No client data used for model training or third-party sharing
  • Data deletion on contract termination within 30 days
AI Processing and Governance
  • AI features use isolated, client-specific processing environments
  • No cross-client data exposure in AI processing pipelines
  • Human review required for all AI-generated readiness ratings
  • Explainability documentation available for all AI-assisted assessments
  • Responsible AI policy available on request
Integration Approach
  • For this engagement: no system integration required
  • Data ingestion via structured CSV/Excel export from existing HR systems
  • Sage 300 and other payroll systems remain out of scope
  • API integration available for future phases if required
  • Flexible data integration - not a native or pre-built connector
Monitoring and Governance
  • 24/7 infrastructure monitoring with automated alerting
  • Penetration testing conducted annually by a third-party firm
  • SOC 2 Type II audit conducted annually - covering Security, Availability, and Confidentiality
  • Incident response plan with defined SLAs for breach notification
  • Data Processing Agreement (DPA) available on request
Technical Contact

Questions from your IT team

For detailed technical questions, security documentation requests, or DPA review, please contact our technical team directly.

Rob Heymann
Head of Technology
Peopletree Group